Medium severity 6.2 · NVD Advisory · Published Jun 3, 2016 · Updated May 6, 2026
CVE-2016-4804
Description
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in the (2) get_fat function.
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Patches
No patches discovered yet.
References
- blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html (nvd; Patch)
- github.com/dosfstools/dosfstools/issues/25 (nvd; Patch, Vendor Advisory)
- github.com/dosfstools/dosfstools/issues/26 (nvd; Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-updates/2016-06/msg00001.html (nvd)
- lists.opensuse.org/opensuse-updates/2016-09/msg00014.html (nvd)
- www.securityfocus.com/bid/90311 (nvd)
- www.ubuntu.com/usn/USN-2986-1 (nvd)
- github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52 (nvd)
- lists.debian.org/debian-lts-announce/2020/05/msg00028.html (nvd)