Medium severity6.8NVD Advisory· Published Jan 23, 2017· Updated May 13, 2026

CVE-2016-4484

Description

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cbnvdPatch
hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.htmlnvdExploitMitigationTechnical DescriptionThird Party Advisory
www.openwall.com/lists/oss-security/2016/11/14/13nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/11/15/1nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/11/15/4nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/11/16/6nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/94315nvd

News mentions

No linked articles in our index yet.

cvss	0.442
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000