Critical severity9.1NVD Advisory· Published Aug 19, 2016· Updated May 6, 2026

CVE-2016-6254

Description

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

Affected products

Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Collectd/Collectd
cpe:2.3:a:collectd:collectd:*:*:*:*:*:*:*:*
Range: >=5.4.0,<5.4.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18nvdPatchThird Party Advisory
collectd.org/news.shtmlnvdRelease NotesVendor Advisory
www.debian.org/security/2016/dsa-3636nvdThird Party Advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CM4W5SJ4OTBGINGIN4NJLXCUZAZANO6J/nvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZ5UXDOB7BA5NGE2F2I2BL4K6763DHW/nvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000