QwikSec

Security Database

CVE

CWE

Training

CVE-2016-4804

Published: Jun 3, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2016:1461

vendor-advisory

x_refsource_SUSE

https://github.com/dosfstools/dosfstools/issues/25

x_refsource_CONFIRM

https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

https://github.com/dosfstools/dosfstools/issues/26

x_refsource_CONFIRM

openSUSE-SU-2016:2233

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52

x_refsource_CONFIRM

[debian-lts-announce] 20200530 [SECURITY] [DLA 2224-1] dosfstools security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.