{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-02T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"}, {"name": "90975", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/90975"}, {"name": "1036006", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036006"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2016-16"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4359", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"}, {"name": "90975", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90975"}, {"name": "1036006", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036006"}, {"name": "https://www.tenable.com/security/research/tra-2016-16", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2016-16"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-363", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:25:14.523Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"}, {"name": "90975", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/90975"}, {"name": "1036006", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036006"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2016-16"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4359", "datePublished": "2016-06-08T14:00:00", "dateReserved": "2016-04-29T00:00:00", "dateUpdated": "2024-08-06T00:25:14.523Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:loadrunner:11.52:p3:*:*:*:*:*:*", "matchCriteriaId": "EA41E4F9-3325-4665-A433-BDAA02621F13", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:loadrunner:12.00:p1:*:*:*:*:*:*", "matchCriteriaId": "58DEE82F-A703-4F0D-96D4-47E6DEC473BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:loadrunner:12.01:p3:*:*:*:*:*:*", "matchCriteriaId": "5B9BA232-B8DD-4EC9-991F-06E73774A156", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*", "matchCriteriaId": "F7226CD8-1528-4C5B-825D-2569D025808C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:loadrunner:12.50:p1:*:*:*:*:*:*", "matchCriteriaId": "8FBCB098-3822-4C54-AA84-7C7E5751B929", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:performance_center:11.52:p3:*:*:*:*:*:*", "matchCriteriaId": "4BACEBCB-93A4-4C8C-90DD-3D233BF9B128", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:performance_center:12.00:p1:*:*:*:*:*:*", "matchCriteriaId": "27EAC034-46D2-41A8-A3F5-7ABDCC7E9457", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:performance_center:12.01:p3:*:*:*:*:*:*", "matchCriteriaId": "B0DEA9F8-EF3D-4C7F-B6B9-F9A33341E9A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*", "matchCriteriaId": "F7FCF452-A5B1-4CB5-BD02-785670A04E82", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*", "matchCriteriaId": "235AB949-A179-48FC-BFAA-7796578E430D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en el agente mchan.dll en HPE LoadRunner 11.52 hasta el parche 3, 12.00 hasta el parche 1, 12.01 hasta el parche 3, 12.02 hasta el parche 2 y 12.50 hasta el parche 3 y Performance Center 11.52hasta el parche 3, 12.00 hasta el parche 1, 12.01 hasta el parche 3, 12.20 hasta el parche 2 y 12.50 hasta el parche 1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor long -server_name, tambi\u00e9n conocido como ZDI-CAN-3516."}], "id": "CVE-2016-4359", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-08T14:59:37.797", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/90975"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036006"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"}, {"source": "cve@mitre.org", "url": "https://www.tenable.com/security/research/tra-2016-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/90975"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tenable.com/security/research/tra-2016-16"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}