{"id":"CVE-2016-2090","details":"Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.","modified":"2026-03-15T21:50:22.181919Z","published":"2017-01-13T16:59:00.167Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIQKQ42Z7553D46QY3IMIQKS52QTNIHY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KJE5SPSX7HEKLZ34LUTZLXWPEL2K353/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201607-13"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4243-1/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/01/28/5"},{"type":"ADVISORY","url":"https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html"},{"type":"REPORT","url":"https://bugs.freedesktop.org/show_bug.cgi?id=93881"},{"type":"FIX","url":"https://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2090.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"24"}]},{"events":[{"introduced":"0"},{"last_affected":"25"}]},{"events":[{"introduced":"0"},{"fixed":"0.8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}