
CVE-2016-3630: Mercurial arbitrary code execution vulnerability

CVSS Score
8.8 (CVSS v3.0)

Basic Information

EPSS Score
0.89371%
CWE
-
Published
5/14/2022
Updated
9/24/2024
KEV Status
No
Technology
Python

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name
mercurial
Ecosystem
pip
Vulnerable Versions
< 3.7.3
First Patched Version
3.7.3

Vulnerability Intelligence

Root Cause Analysis

The vulnerability lies in Mercurial's binary delta decoder. Two commits (b6ed2505d6cf and b9714d958e89) address issues in the fixws() function in bdiff.c: the first removes a malloc(0) call, whose result is implementation-defined and must not be relied on, and the second prevents an integer overflow in the allocation size by allocating with calloc. Together these flaws let a remote attacker trigger a heap overflow through a malicious clone, push, or pull, by exploiting a list sizing rounding error and short records during delta processing. Because the decoder runs on whatever delta data the peer sends, no authentication is needed beyond getting a user to clone from or exchange changesets with a hostile repository.
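As an added illustration, not code from Mercurial or from the analysis above, the C program below reproduces the two sizing failures the analysis describes in a toy delta decoder: a sizing pass that trusts a record's length field and sums in 32-bit arithmetic wraps to a tiny allocation, and a record whose header promises more data than the delta actually carries (a short record) slips through unless the decoder checks it. The record layout (start, end, len, data) is modelled on the mpatch style but is an assumption for the demo; the checked measure/apply split, the allocation helper that refuses size overflow and zero-byte requests, and all inputs are constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative delta decoder written for this page; it is NOT Mercurial's
 * mpatch.c or bdiff.c. Record layout assumed: three big-endian 32-bit fields
 * (start, end, len), then len bytes that replace src[start:end]. */
#define REC_HDR 12

static uint32_t rd32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void wr32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Allocation helper: never requests 0 bytes (calloc(0, ...) may return NULL
 * or a unique pointer) and refuses n*size when the product would wrap. */
static void *xcalloc(size_t n, size_t size) {
    if (n == 0 || size == 0) { n = 1; size = 1; }
    if (n > SIZE_MAX / size) return NULL;
    return calloc(n, size);
}

/* Sizing pass in the unchecked style: trusts len from the header and sums in
 * 32 bits, so a huge len wraps the total and the buffer sized from it is far
 * shorter than what an apply pass would write. Header bounds are checked
 * here only so that this demo itself stays memory-safe. */
uint32_t unchecked_outlen(const unsigned char *delta, size_t dlen, uint32_t srclen) {
    uint32_t total = 0, last = 0;
    size_t pos = 0;
    while (pos + REC_HDR <= dlen) {
        uint32_t start = rd32(delta + pos), end = rd32(delta + pos + 4),
                 len = rd32(delta + pos + 8);
        total += (start - last) + len;        /* wraps silently */
        last = end;
        pos += (size_t)REC_HDR + len;
    }
    return total + (srclen - last);
}

/* Checked sizing pass: rejects short headers, short records (len running past
 * the end of the delta), out-of-order or out-of-range records, and overflow
 * of the running total. Returns 0 and sets *outlen, or -1. */
int delta_measure(const unsigned char *delta, size_t dlen, size_t srclen, size_t *outlen) {
    size_t pos = 0, last = 0, total = 0;
    while (pos < dlen) {
        if (dlen - pos < REC_HDR) return -1;                 /* short header */
        uint32_t start = rd32(delta + pos), end = rd32(delta + pos + 4),
                 len = rd32(delta + pos + 8);
        pos += REC_HDR;
        if (len > dlen - pos) return -1;                      /* short record */
        if (start < last || end < start || end > srclen) return -1;
        if (start - last > SIZE_MAX - total) return -1;
        total += start - last;
        if (len > SIZE_MAX - total) return -1;
        total += len;
        last = end;
        pos += len;
    }
    if (srclen - last > SIZE_MAX - total) return -1;
    *outlen = total + (srclen - last);
    return 0;
}

/* Apply pass; runs only after delta_measure accepted the delta. Caller frees. */
unsigned char *delta_apply(const unsigned char *src, size_t srclen,
                           const unsigned char *delta, size_t dlen, size_t *outlen) {
    if (delta_measure(delta, dlen, srclen, outlen) != 0) return NULL;
    unsigned char *out = xcalloc(*outlen + 1, 1);           /* +1 keeps a NUL */
    if (!out) return NULL;
    size_t pos = 0, last = 0, o = 0;
    while (pos < dlen) {
        uint32_t start = rd32(delta + pos), end = rd32(delta + pos + 4),
                 len = rd32(delta + pos + 8);
        pos += REC_HDR;
        memcpy(out + o, src + last, start - last); o += start - last;
        memcpy(out + o, delta + pos, len);         o += len;
        pos += len; last = end;
    }
    memcpy(out + o, src + last, srclen - last);
    return out;
}

/* Constructed inputs for the demo only. */
int demo_good_patch(void) {                   /* replace "world" with "there" */
    unsigned char delta[REC_HDR + 5];
    wr32(delta, 6); wr32(delta + 4, 11); wr32(delta + 8, 5);
    memcpy(delta + REC_HDR, "there", 5);
    size_t outlen;
    unsigned char *out = delta_apply((const unsigned char *)"hello world", 11,
                                     delta, sizeof delta, &outlen);
    int ok = out != NULL && outlen == 11 && memcmp(out, "hello there", 11) == 0;
    free(out);
    return ok;
}
int demo_short_record_rejected(void) {        /* header says 2 bytes, 1 present */
    unsigned char delta[REC_HDR + 1] = {0};
    wr32(delta + 8, 2); delta[REC_HDR] = 'x';
    size_t outlen;
    return delta_apply((const unsigned char *)"abc", 3, delta, sizeof delta, &outlen) == NULL;
}
uint32_t demo_wrapped_size(void) {            /* len=0xFFFFFFF8 on a 16-byte source */
    unsigned char delta[REC_HDR] = {0};
    wr32(delta + 8, 0xFFFFFFF8u);
    return unchecked_outlen(delta, sizeof delta, 16);       /* wraps to 8 */
}
int demo_wrapped_size_checked(void) {
    unsigned char delta[REC_HDR] = {0};
    size_t outlen;
    wr32(delta + 8, 0xFFFFFFF8u);
    return delta_measure(delta, sizeof delta, 16, &outlen); /* -1: short record */
}

int main(void) {
    printf("good patch applied: %d\n", demo_good_patch());
    printf("short record rejected: %d\n", demo_short_record_rejected());
    printf("unchecked size for a 4 GiB record: %u\n", demo_wrapped_size());
    printf("checked sizing verdict: %d\n", demo_wrapped_size_checked());
    return 0;
}
```

The design point is the split into a measuring pass that validates every record against the bytes actually present and an apply pass that only runs on accepted input: the unchecked sizer reports 8 bytes for a record that would write 4 GiB, which is exactly the undersized heap buffer an attacker-supplied delta can then overflow.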


Description

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (1) a list sizing rounding error and (2) short records.
