CVE-2016-4359
Description
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
34.599
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in HP LoadRunner 11.52 | Windows |
| Vulnerabilities CVE-2015-6857,CVE-2016-4359,CVE-2016-4360,CVE-2016-4361 are affected in HP LoadRunner 12.00 | Windows |
| Vulnerabilities CVE-2015-6857,CVE-2016-4359,CVE-2016-4360,CVE-2016-4361 are affected in HP LoadRunner 12.01 | Windows |
| Vulnerabilities CVE-2015-6857,CVE-2016-4359,CVE-2016-4360,CVE-2016-4361 are affected in HP LoadRunner 12.02 | Windows |
| Vulnerabilities CVE-2015-6857,CVE-2016-4359,CVE-2016-4360,CVE-2016-4361 are affected in HP LoadRunner 12.50 | Windows |
| Multiple Vulnerabilities affected in loadrunner 12.50-p1 | NCM |
| Multiple Vulnerabilities affected in loadrunner 12.02-p2 | NCM |
| Multiple Vulnerabilities affected in loadrunner 12.01-p3 | NCM |
| Multiple Vulnerabilities affected in loadrunner 12.00-p1 | NCM |
| Multiple Vulnerabilities affected in performance_center 12.50-p1 | NCM |
| Multiple Vulnerabilities affected in performance_center 12.20-p2 | NCM |
| Multiple Vulnerabilities affected in performance_center 12.01-p3 | NCM |
| Multiple Vulnerabilities affected in performance_center 12.00-p1 | NCM |
| Multiple Vulnerabilities affected in performance_center 11.52-p3 | NCM |
| Vulnerabilities CVE-2016-4359 ,CVE-2016-4360 ,CVE-2016-4361 ,CVE-2017-5789 ,CVE-2017-8953 are affected in loadrunner 11.52-p3 | NCM |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4359) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234