UBUNTU-CVE-2016-10253

Source
https://ubuntu.com/security/CVE-2016-10253
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-10253.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2016-10253
Upstream
Downstream
Related
Published
2017-03-18T00:00:00Z
Modified
2025-07-16T08:18:47.041935Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • Ubuntu - low
Summary
[none]
Details

An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.

References

Affected packages

Ubuntu:16.04:LTS / erlang

Package

Name
erlang
Purl
pkg:deb/ubuntu/erlang@1:18.3-dfsg-1ubuntu3.1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:18.3-dfsg-1ubuntu3.1

Affected versions

1:18.*

1:18.0-dfsg-1ubuntu1
1:18.0-dfsg-1ubuntu2
1:18.2-dfsg-2ubuntu1
1:18.3-dfsg-1ubuntu1
1:18.3-dfsg-1ubuntu2
1:18.3-dfsg-1ubuntu3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "erlang",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-asn1",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-asn1-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-base",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-base-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-base-hipe",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-base-hipe-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-common-test",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-common-test-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-corba",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-corba-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-crypto",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-crypto-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-dbg",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-debugger",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-debugger-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-dev",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-dev-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-dialyzer",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-dialyzer-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-diameter",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-diameter-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-doc",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-edoc",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-edoc-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-eldap",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-eldap-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-erl-docgen",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-erl-docgen-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-et",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-et-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-eunit",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-eunit-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-examples",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-gs",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-gs-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-ic",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-ic-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-ic-java",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-inets",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-inets-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-jinterface",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-manpages",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-megaco",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-megaco-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-mnesia",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-mnesia-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-mode",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-nox",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-observer",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-observer-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-odbc",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-odbc-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-os-mon",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-os-mon-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-parsetools",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-parsetools-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-percept",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-percept-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-public-key",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-public-key-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-reltool",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-reltool-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-runtime-tools",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-runtime-tools-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-snmp",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-snmp-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-src",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-ssh",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-ssh-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-ssl",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-ssl-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-syntax-tools",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-syntax-tools-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-test-server",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-test-server-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-tools",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-tools-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-typer",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-typer-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-webtool",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-webtool-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-wx",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-wx-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-x11",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-xmerl",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        },
        {
            "binary_name": "erlang-xmerl-dbgsym",
            "binary_version": "1:18.3-dfsg-1ubuntu3.1"
        }
    ]
}