CRITICAL
Canonical
CVE published 2017-01-13
CVE-2016-2090
CVE-2016-2090 is a critical memory-safety flaw in libbsd’s fgetwln function. The NVD record describes an off-by-one condition that can lead to a heap-based buffer overflow in libbsd before 0.8.2, with a CVSS 3.1 score of 9.8 and network-reachable, no-authentication conditions in the published vector.