MGASA-2016-0395
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 21 Nov 2016, 22:18
Last modified:16 Apr 2026, 06:25
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 Nov 2016, 22:18
Published
Vulnerability first disclosed
16 Apr 2026, 06:25
Last Modified
Vulnerability information updated
Description
Updated tre packages fix security vulnerability The TRE library allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression (CVE-2015-3796). A vulnerability has been found in the tre package that could allow an attacker to perform controlled heap corruption (CVE-2016-8859).
Affected Systems
- mageia•tre
< 0.8.0-12.1.mga5