CVE-2016-5824

MEDIUM

Description

libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

References

http://www.openwall.com/lists/oss-security/2016/06/25/4

http://www.openwall.com/lists/oss-security/2017/01/20/16

http://www.securityfocus.com/bid/91459

https://access.redhat.com/errata/RHSA-2019:0269

https://access.redhat.com/errata/RHSA-2019:0270

https://bugzilla.mozilla.org/show_bug.cgi?id=1275400

https://github.com/libical/libical/issues/235

https://github.com/libical/libical/issues/251

https://github.com/libical/libical/issues/286

https://security.gentoo.org/glsa/201904-02

https://security.gentoo.org/glsa/201904-07

https://usn.ubuntu.com/3897-1/

Details

Source: MITRE

Published: 2017-01-27

Updated: 2019-04-02

Type: CWE-416

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127434 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0156) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127315 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0093) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127238 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0052) | Nessus | NewStart CGSL Local Security Checks | critical |
| 123581 | GLSA-201904-07 : Mozilla Thunderbird and Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 123576 | GLSA-201904-02 : Libical: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 122493 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-251) | Nessus | SuSE Local Security Checks | critical |
| 122482 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Thunderbird vulnerabilities (USN-3897-1) | Nessus | Ubuntu Local Security Checks | critical |
| 122224 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-182) | Nessus | SuSE Local Security Checks | critical |
| 122065 | CentOS 7 : thunderbird (CESA-2019:0270) | Nessus | CentOS Local Security Checks | critical |
| 122064 | CentOS 6 : thunderbird (CESA-2019:0269) | Nessus | CentOS Local Security Checks | critical |
| 121631 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190204) | Nessus | Scientific Linux Local Security Checks | critical |
| 121607 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190204) | Nessus | Scientific Linux Local Security Checks | critical |
| 121600 | Mozilla Thunderbird < 60.5 | Nessus | Windows | critical |
| 121599 | Mozilla Thunderbird < 60.5 | Nessus | MacOS X Local Security Checks | critical |
| 121586 | RHEL 7 : thunderbird (RHSA-2019:0270) | Nessus | Red Hat Local Security Checks | critical |
| 121585 | RHEL 6 : thunderbird (RHSA-2019:0269) | Nessus | Red Hat Local Security Checks | critical |
| 121584 | Oracle Linux 7 : thunderbird (ELSA-2019-0270) | Nessus | Oracle Linux Local Security Checks | critical |
| 121583 | Oracle Linux 6 : thunderbird (ELSA-2019-0269) | Nessus | Oracle Linux Local Security Checks | critical |
| 106130 | SUSE SLES11 Security Update : Recommended update for libical (SUSE-SU-2018:0119-1) | Nessus | SuSE Local Security Checks | critical |
| 102067 | SUSE SLED12 / SLES12 Security Update : libical (SUSE-SU-2017:1989-1) | Nessus | SuSE Local Security Checks | critical |
| 102058 | openSUSE Security Update : libical (openSUSE-2017-869) | Nessus | SuSE Local Security Checks | critical |
| 100479 | Debian DLA-959-1 : libical security update | Nessus | Debian Local Security Checks | critical |