cvelistv5 - cve-2016-8606

CVE-2016-8606 (GCVE-0-2016-8606)

Vulnerability from cvelistv5 – Published: 2017-01-12 22:00 – Updated: 2024-08-06 02:27

Summary

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2016/10/12/2	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/93514	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2016-0aab71f552",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/"
          },
          {
            "name": "FEDORA-2016-34209c3a8e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/"
          },
          {
            "name": "FEDORA-2016-a47bf58beb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/"
          },
          {
            "name": "[oss-security] 20161012 Re: CVE request: GNU Guile \u003c= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/12/2"
          },
          {
            "name": "93514",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93514"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-12T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2016-0aab71f552",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/"
        },
        {
          "name": "FEDORA-2016-34209c3a8e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/"
        },
        {
          "name": "FEDORA-2016-a47bf58beb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/"
        },
        {
          "name": "[oss-security] 20161012 Re: CVE request: GNU Guile \u003c= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/12/2"
        },
        {
          "name": "93514",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93514"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-8606",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2016-0aab71f552",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/"
            },
            {
              "name": "FEDORA-2016-34209c3a8e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/"
            },
            {
              "name": "FEDORA-2016-a47bf58beb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/"
            },
            {
              "name": "[oss-security] 20161012 Re: CVE request: GNU Guile \u003c= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/12/2"
            },
            {
              "name": "93514",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93514"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-8606",
    "datePublished": "2017-01-12T22:00:00",
    "dateReserved": "2016-10-11T00:00:00",
    "dateUpdated": "2024-08-06T02:27:41.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:guile:2.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FFB9149-B831-4E9D-9498-94EA64D4FF86\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"772E9557-A371-4664-AE2D-4135AAEB89AA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.\"}, {\"lang\": \"es\", \"value\": \"El servidor REPL (--listen) en GNU Guile 2.0.12 permite a un atacante ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de un ataque interprotocolo HTTP.\"}]",
      "id": "CVE-2016-8606",
      "lastModified": "2024-11-21T02:59:39.580",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-01-12T22:59:00.313",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2016/10/12/2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93514\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/10/12/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93514\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8606\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-01-12T22:59:00.313\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.\"},{\"lang\":\"es\",\"value\":\"El servidor REPL (--listen) en GNU Guile 2.0.12 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un ataque interprotocolo HTTP.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:guile:2.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FFB9149-B831-4E9D-9498-94EA64D4FF86\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"772E9557-A371-4664-AE2D-4135AAEB89AA\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2016/10/12/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93514\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/10/12/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93514\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

OPENSUSE-SU-2024:10389-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

guile-2.0.13-2.1 on GA media

Notes

Title of the patch

guile-2.0.13-2.1 on GA media

Description of the patch

These are all security issues fixed in the guile-2.0.13-2.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10389

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "guile-2.0.13-2.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the guile-2.0.13-2.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10389",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10389-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8605 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8605/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8606 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8606/"
      }
    ],
    "title": "guile-2.0.13-2.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10389-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "guile-2.0.13-2.1.aarch64",
                "product": {
                  "name": "guile-2.0.13-2.1.aarch64",
                  "product_id": "guile-2.0.13-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "guile-devel-2.0.13-2.1.aarch64",
                "product": {
                  "name": "guile-devel-2.0.13-2.1.aarch64",
                  "product_id": "guile-devel-2.0.13-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "guile-modules-2_0-2.0.13-2.1.aarch64",
                "product": {
                  "name": "guile-modules-2_0-2.0.13-2.1.aarch64",
                  "product_id": "guile-modules-2_0-2.0.13-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libguile-2_0-22-2.0.13-2.1.aarch64",
                "product": {
                  "name": "libguile-2_0-22-2.0.13-2.1.aarch64",
                  "product_id": "libguile-2_0-22-2.0.13-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libguilereadline-v-18-18-2.0.13-2.1.aarch64",
                "product": {
                  "name": "libguilereadline-v-18-18-2.0.13-2.1.aarch64",
                  "product_id": "libguilereadline-v-18-18-2.0.13-2.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "guile-2.0.13-2.1.ppc64le",
                "product": {
                  "name": "guile-2.0.13-2.1.ppc64le",
                  "product_id": "guile-2.0.13-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "guile-devel-2.0.13-2.1.ppc64le",
                "product": {
                  "name": "guile-devel-2.0.13-2.1.ppc64le",
                  "product_id": "guile-devel-2.0.13-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "guile-modules-2_0-2.0.13-2.1.ppc64le",
                "product": {
                  "name": "guile-modules-2_0-2.0.13-2.1.ppc64le",
                  "product_id": "guile-modules-2_0-2.0.13-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libguile-2_0-22-2.0.13-2.1.ppc64le",
                "product": {
                  "name": "libguile-2_0-22-2.0.13-2.1.ppc64le",
                  "product_id": "libguile-2_0-22-2.0.13-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libguilereadline-v-18-18-2.0.13-2.1.ppc64le",
                "product": {
                  "name": "libguilereadline-v-18-18-2.0.13-2.1.ppc64le",
                  "product_id": "libguilereadline-v-18-18-2.0.13-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "guile-2.0.13-2.1.s390x",
                "product": {
                  "name": "guile-2.0.13-2.1.s390x",
                  "product_id": "guile-2.0.13-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "guile-devel-2.0.13-2.1.s390x",
                "product": {
                  "name": "guile-devel-2.0.13-2.1.s390x",
                  "product_id": "guile-devel-2.0.13-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "guile-modules-2_0-2.0.13-2.1.s390x",
                "product": {
                  "name": "guile-modules-2_0-2.0.13-2.1.s390x",
                  "product_id": "guile-modules-2_0-2.0.13-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libguile-2_0-22-2.0.13-2.1.s390x",
                "product": {
                  "name": "libguile-2_0-22-2.0.13-2.1.s390x",
                  "product_id": "libguile-2_0-22-2.0.13-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libguilereadline-v-18-18-2.0.13-2.1.s390x",
                "product": {
                  "name": "libguilereadline-v-18-18-2.0.13-2.1.s390x",
                  "product_id": "libguilereadline-v-18-18-2.0.13-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "guile-2.0.13-2.1.x86_64",
                "product": {
                  "name": "guile-2.0.13-2.1.x86_64",
                  "product_id": "guile-2.0.13-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "guile-devel-2.0.13-2.1.x86_64",
                "product": {
                  "name": "guile-devel-2.0.13-2.1.x86_64",
                  "product_id": "guile-devel-2.0.13-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "guile-modules-2_0-2.0.13-2.1.x86_64",
                "product": {
                  "name": "guile-modules-2_0-2.0.13-2.1.x86_64",
                  "product_id": "guile-modules-2_0-2.0.13-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libguile-2_0-22-2.0.13-2.1.x86_64",
                "product": {
                  "name": "libguile-2_0-22-2.0.13-2.1.x86_64",
                  "product_id": "libguile-2_0-22-2.0.13-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libguilereadline-v-18-18-2.0.13-2.1.x86_64",
                "product": {
                  "name": "libguilereadline-v-18-18-2.0.13-2.1.x86_64",
                  "product_id": "libguilereadline-v-18-18-2.0.13-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-2.0.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-2.0.13-2.1.aarch64"
        },
        "product_reference": "guile-2.0.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-2.0.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-2.0.13-2.1.ppc64le"
        },
        "product_reference": "guile-2.0.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-2.0.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-2.0.13-2.1.s390x"
        },
        "product_reference": "guile-2.0.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-2.0.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-2.0.13-2.1.x86_64"
        },
        "product_reference": "guile-2.0.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-devel-2.0.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.aarch64"
        },
        "product_reference": "guile-devel-2.0.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-devel-2.0.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.ppc64le"
        },
        "product_reference": "guile-devel-2.0.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-devel-2.0.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.s390x"
        },
        "product_reference": "guile-devel-2.0.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-devel-2.0.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.x86_64"
        },
        "product_reference": "guile-devel-2.0.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-modules-2_0-2.0.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.aarch64"
        },
        "product_reference": "guile-modules-2_0-2.0.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-modules-2_0-2.0.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.ppc64le"
        },
        "product_reference": "guile-modules-2_0-2.0.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-modules-2_0-2.0.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.s390x"
        },
        "product_reference": "guile-modules-2_0-2.0.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "guile-modules-2_0-2.0.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.x86_64"
        },
        "product_reference": "guile-modules-2_0-2.0.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libguile-2_0-22-2.0.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.aarch64"
        },
        "product_reference": "libguile-2_0-22-2.0.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libguile-2_0-22-2.0.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.ppc64le"
        },
        "product_reference": "libguile-2_0-22-2.0.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libguile-2_0-22-2.0.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.s390x"
        },
        "product_reference": "libguile-2_0-22-2.0.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libguile-2_0-22-2.0.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.x86_64"
        },
        "product_reference": "libguile-2_0-22-2.0.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libguilereadline-v-18-18-2.0.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.aarch64"
        },
        "product_reference": "libguilereadline-v-18-18-2.0.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libguilereadline-v-18-18-2.0.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.ppc64le"
        },
        "product_reference": "libguilereadline-v-18-18-2.0.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libguilereadline-v-18-18-2.0.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.s390x"
        },
        "product_reference": "libguilereadline-v-18-18-2.0.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libguilereadline-v-18-18-2.0.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.x86_64"
        },
        "product_reference": "libguilereadline-v-18-18-2.0.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-8605",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8605"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The mkdir procedure of GNU Guile temporarily changed the process\u0027 umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:guile-2.0.13-2.1.aarch64",
          "openSUSE Tumbleweed:guile-2.0.13-2.1.ppc64le",
          "openSUSE Tumbleweed:guile-2.0.13-2.1.s390x",
          "openSUSE Tumbleweed:guile-2.0.13-2.1.x86_64",
          "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.aarch64",
          "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.ppc64le",
          "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.s390x",
          "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.x86_64",
          "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.aarch64",
          "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.ppc64le",
          "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.s390x",
          "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.x86_64",
          "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.aarch64",
          "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.ppc64le",
          "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.s390x",
          "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.x86_64",
          "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.aarch64",
          "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.ppc64le",
          "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.s390x",
          "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8605",
          "url": "https://www.suse.com/security/cve/CVE-2016-8605"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1004221 for CVE-2016-8605",
          "url": "https://bugzilla.suse.com/1004221"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:guile-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:guile-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-8605"
    },
    {
      "cve": "CVE-2016-8606",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8606"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:guile-2.0.13-2.1.aarch64",
          "openSUSE Tumbleweed:guile-2.0.13-2.1.ppc64le",
          "openSUSE Tumbleweed:guile-2.0.13-2.1.s390x",
          "openSUSE Tumbleweed:guile-2.0.13-2.1.x86_64",
          "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.aarch64",
          "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.ppc64le",
          "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.s390x",
          "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.x86_64",
          "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.aarch64",
          "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.ppc64le",
          "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.s390x",
          "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.x86_64",
          "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.aarch64",
          "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.ppc64le",
          "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.s390x",
          "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.x86_64",
          "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.aarch64",
          "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.ppc64le",
          "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.s390x",
          "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8606",
          "url": "https://www.suse.com/security/cve/CVE-2016-8606"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1004226 for CVE-2016-8606",
          "url": "https://bugzilla.suse.com/1004226"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:guile-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:guile-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-devel-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:guile-modules-2_0-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:libguile-2_0-22-2.0.13-2.1.x86_64",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.aarch64",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.ppc64le",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.s390x",
            "openSUSE Tumbleweed:libguilereadline-v-18-18-2.0.13-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-8606"
    }
  ]
}

CNVD-2016-09580

Vulnerability from cnvd - Published: 2016-10-20

Title

GNU Guile远程代码执行漏洞

Description

GNU Guile是GNU计划开发的一套用于创建灵活的应用程序的编程语言。 GNU Guile存在安全漏洞，允许远程攻击者可利用该漏洞以应用程序权限执行任意代码。

Severity

高

Patch Name

GNU Guile远程代码执行漏洞的补丁

Patch Description

GNU Guile是GNU计划开发的一套用于创建灵活的应用程序的编程语言。 GNU Guile存在安全漏洞，允许远程攻击者可利用该漏洞以应用程序权限执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.gnu.org/

Reference

http://www.securityfocus.com/bid/93514

Impacted products

Name
GNU Guile <=2.0.12

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93514"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8606"
    }
  },
  "description": "GNU Guile\u662fGNU\u8ba1\u5212\u5f00\u53d1\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u7075\u6d3b\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nGNU Guile\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "GNU",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.gnu.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-09580",
  "openTime": "2016-10-20",
  "patchDescription": "GNU Guile\u662fGNU\u8ba1\u5212\u5f00\u53d1\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u7075\u6d3b\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nGNU Guile\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GNU Guile\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "GNU Guile \u003c=2.0.12"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93514",
  "serverity": "\u9ad8",
  "submitTime": "2016-10-16",
  "title": "GNU Guile\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

GSD-2016-8606

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.

Aliases

CVE-2016-8606

Aliases

CVE-2016-8606

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8606",
    "description": "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.",
    "id": "GSD-2016-8606",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-8606.html",
      "https://advisories.mageia.org/CVE-2016-8606.html",
      "https://security.archlinux.org/CVE-2016-8606"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8606"
      ],
      "details": "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.",
      "id": "GSD-2016-8606",
      "modified": "2023-12-13T01:21:22.397712Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-8606",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "FEDORA-2016-0aab71f552",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/"
          },
          {
            "name": "FEDORA-2016-34209c3a8e",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/"
          },
          {
            "name": "FEDORA-2016-a47bf58beb",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/"
          },
          {
            "name": "[oss-security] 20161012 Re: CVE request: GNU Guile \u003c= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2016/10/12/2"
          },
          {
            "name": "93514",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93514"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:guile:2.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-8606"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2016-34209c3a8e",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/"
            },
            {
              "name": "FEDORA-2016-a47bf58beb",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/"
            },
            {
              "name": "FEDORA-2016-0aab71f552",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/"
            },
            {
              "name": "93514",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93514"
            },
            {
              "name": "[oss-security] 20161012 Re: CVE request: GNU Guile \u003c= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks",
              "refsource": "MLIST",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/10/12/2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-01-18T16:27Z",
      "publishedDate": "2017-01-12T22:59Z"
    }
  }
}

FKIE_CVE-2016-8606

Vulnerability from fkie_nvd - Published: 2017-01-12 22:59 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2016/10/12/2	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/93514	Third Party Advisory, VDB Entry
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/10/12/2	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93514	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/

Impacted products

Vendor	Product	Version
gnu	guile	2.0.12
fedoraproject	fedora	23
fedoraproject	fedora	24
fedoraproject	fedora	25

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:guile:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFB9149-B831-4E9D-9498-94EA64D4FF86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
              "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack."
    },
    {
      "lang": "es",
      "value": "El servidor REPL (--listen) en GNU Guile 2.0.12 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un ataque interprotocolo HTTP."
    }
  ],
  "id": "CVE-2016-8606",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-12T22:59:00.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93514"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VQRX-MF37-8X6H

Vulnerability from github – Published: 2022-05-17 03:03 – Updated: 2025-04-20 03:31

Details

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8606"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-12T22:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.",
  "id": "GHSA-vqrx-mf37-8x6h",
  "modified": "2025-04-20T03:31:08Z",
  "published": "2022-05-17T03:03:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8606"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93514"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8606 (GCVE-0-2016-8606)

OPENSUSE-SU-2024:10389-1

CNVD-2016-09580

GSD-2016-8606

FKIE_CVE-2016-8606

GHSA-VQRX-MF37-8X6H

Tags

Sightings

Nomenclature