Fluid Attacks Database

Description

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	util-linux	>=0 <2.28.1-1	2.28.1-1
debian 13	util-linux	>=0 <2.28.1-1	2.28.1-1
debian 14	util-linux	>=0 <2.28.1-1	2.28.1-1
debian 11	util-linux	>=0 <2.28.1-1	2.28.1-1
rpm rhel7	util-linux	<0:2.23.2-33.el7	0:2.23.2-33.el7
rpm rhel6	util-linux-ng	-	-
rpm rhel5	util-linux	-	-

Aliases

1. CVE-2016-50112. NVD-2016-50113. OSV-DEBIAN-2016-50114. OSV-2016-50115. SECURITY-TRACKER-CVE-2016-5011

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.