Description
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
References (5)
Core 5
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZ5UXDOB7BA5NGE2F2I2BL4K6763DHW/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3636
Release Notes, Vendor Advisory x_refsource_confirm
http://collectd.org/news.shtml
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CM4W5SJ4OTBGINGIN4NJLXCUZAZANO6J/
Patch, Third Party Advisory x_refsource_confirm
https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
Scores
CVSS v3
9.1
EPSS
0.0570
EPSS Percentile
92.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (4)
collectd/collectd
5.4.0 - 5.4.3
debian/debian_linux
8.0
fedoraproject/fedora
23
fedoraproject/fedora
24
Published
Aug 19, 2016
Tracked Since
Feb 18, 2026