vulnerability

FreeBSD: mercurial -- multiple vulnerabilities (Multiple CVEs)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Mar 29, 2016	Mar 30, 2016	Jul 28, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Mar 29, 2016

Added

Mar 30, 2016

Modified

Jul 28, 2025

Description

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

Solution

freebsd-upgrade-package-mercurial

References

CVE-2016-3068
https://attackerkb.com/topics/CVE-2016-3068
CVE-2016-3069
https://attackerkb.com/topics/CVE-2016-3069
CVE-2016-3630
https://attackerkb.com/topics/CVE-2016-3630
DEBIAN-DSA-3542
https://www.mercurial-scm.org/pipermail/mercurial/2016-March/049452.html

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report