Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-4359

Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.

Published

2016-06-08T14:59:37.797

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application hp loadrunner 11.52 Yes
Application hp loadrunner 12.00 Yes
Application hp loadrunner 12.01 Yes
Application hp loadrunner 12.02 Yes
Application hp loadrunner 12.50 Yes
Application hp performance_center 11.52 Yes
Application hp performance_center 12.00 Yes
Application hp performance_center 12.01 Yes
Application hp performance_center 12.20 Yes
Application hp performance_center 12.50 Yes
References