Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-bc6g-cmyn-7qcp
Vulnerability ID VCID-bc6g-cmyn-7qcp
Aliases CVE-2016-3199
GHSA-vfjw-crcq-q92v
Summary
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.19183 https://api.first.org/data/v1/epss?cve=CVE-2016-3199
epss 0.19183 https://api.first.org/data/v1/epss?cve=CVE-2016-3199
epss 0.19183 https://api.first.org/data/v1/epss?cve=CVE-2016-3199
epss 0.19183 https://api.first.org/data/v1/epss?cve=CVE-2016-3199
cvssv3.1 8.8 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068
generic_textual HIGH https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-vfjw-crcq-q92v
cvssv3.1 8.8 https://github.com/chakra-core/ChakraCore
generic_textual HIGH https://github.com/chakra-core/ChakraCore
cvssv3.1 8.8 https://github.com/chakra-core/ChakraCore/commit/bcd950efee487bdfd73cd1282de4e02e82e62629
generic_textual HIGH https://github.com/chakra-core/ChakraCore/commit/bcd950efee487bdfd73cd1282de4e02e82e62629
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2016-3199
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2016-3199
cvssv3.1 8.8 https://web.archive.org/web/20211129115034/http://www.securitytracker.com/id/1036099
generic_textual HIGH https://web.archive.org/web/20211129115034/http://www.securitytracker.com/id/1036099
cvssv3.1 8.8 http://www.zerodayinitiative.com/advisories/ZDI-16-367
generic_textual HIGH http://www.zerodayinitiative.com/advisories/ZDI-16-367
cvssv3.1 8.8 http://www.zerodayinitiative.com/advisories/ZDI-16-368
generic_textual HIGH http://www.zerodayinitiative.com/advisories/ZDI-16-368
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2016-3199
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068
https://github.com/chakra-core/ChakraCore
https://github.com/chakra-core/ChakraCore/commit/bcd950efee487bdfd73cd1282de4e02e82e62629
https://nvd.nist.gov/vuln/detail/CVE-2016-3199
https://web.archive.org/web/20211129115034/http://www.securitytracker.com/id/1036099
http://www.zerodayinitiative.com/advisories/ZDI-16-367
http://www.zerodayinitiative.com/advisories/ZDI-16-368
GHSA-vfjw-crcq-q92v https://github.com/advisories/GHSA-vfjw-crcq-q92v
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore/commit/bcd950efee487bdfd73cd1282de4e02e82e62629
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3199
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20211129115034/http://www.securitytracker.com/id/1036099
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.zerodayinitiative.com/advisories/ZDI-16-367
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.zerodayinitiative.com/advisories/ZDI-16-368
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.95502
EPSS Score 0.19183
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-12T01:34:25.569822+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0