Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8pqh-96h7-qkcf
Vulnerability ID VCID-8pqh-96h7-qkcf
Aliases CVE-2016-3382
GHSA-92j2-gg59-4572
Summary
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.17771 https://api.first.org/data/v1/epss?cve=CVE-2016-3382
epss 0.17771 https://api.first.org/data/v1/epss?cve=CVE-2016-3382
epss 0.17771 https://api.first.org/data/v1/epss?cve=CVE-2016-3382
epss 0.17771 https://api.first.org/data/v1/epss?cve=CVE-2016-3382
cvssv3.1 7.5 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118
generic_textual HIGH https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118
cvssv3.1 7.5 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119
generic_textual HIGH https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-92j2-gg59-4572
cvssv3.1 7.5 https://github.com/chakra-core/ChakraCore
generic_textual HIGH https://github.com/chakra-core/ChakraCore
cvssv3.1 7.5 https://github.com/chakra-core/ChakraCore/commit/f05c42e64c3b2d057ae1a52fe1917af26c9f2737
generic_textual HIGH https://github.com/chakra-core/ChakraCore/commit/f05c42e64c3b2d057ae1a52fe1917af26c9f2737
cvssv3.1 7.5 https://github.com/chakra-core/ChakraCore/pull/1737
generic_textual HIGH https://github.com/chakra-core/ChakraCore/pull/1737
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-3382
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2016-3382
cvssv3.1 7.5 https://web.archive.org/web/20210123174540/http://www.securityfocus.com/bid/93386
generic_textual HIGH https://web.archive.org/web/20210123174540/http://www.securityfocus.com/bid/93386
cvssv3.1 7.5 https://web.archive.org/web/20210515045943/http://www.securitytracker.com/id/1036992
generic_textual HIGH https://web.archive.org/web/20210515045943/http://www.securitytracker.com/id/1036992
cvssv3.1 7.5 https://web.archive.org/web/20211208062350/http://www.securitytracker.com/id/1036993
generic_textual HIGH https://web.archive.org/web/20211208062350/http://www.securitytracker.com/id/1036993
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2016-3382
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119
https://github.com/chakra-core/ChakraCore
https://github.com/chakra-core/ChakraCore/commit/f05c42e64c3b2d057ae1a52fe1917af26c9f2737
https://github.com/chakra-core/ChakraCore/pull/1737
https://nvd.nist.gov/vuln/detail/CVE-2016-3382
https://web.archive.org/web/20210123174540/http://www.securityfocus.com/bid/93386
https://web.archive.org/web/20210515045943/http://www.securitytracker.com/id/1036992
https://web.archive.org/web/20211208062350/http://www.securitytracker.com/id/1036993
GHSA-92j2-gg59-4572 https://github.com/advisories/GHSA-92j2-gg59-4572
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore/commit/f05c42e64c3b2d057ae1a52fe1917af26c9f2737
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore/pull/1737
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3382
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20210123174540/http://www.securityfocus.com/bid/93386
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20210515045943/http://www.securitytracker.com/id/1036992
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20211208062350/http://www.securitytracker.com/id/1036993
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.95273
EPSS Score 0.17771
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-12T01:34:28.850297+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0