All the vulnerabilites related to gnu - eglibc
Vulnerability from fkie_nvd
Published
2011-04-08 15:17
Modified
2024-11-21 01:25
Severity ?
Summary
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | eglibc | * | |
| gnu | glibc | * | |
| gnu | glibc | 1.00 | |
| gnu | glibc | 1.01 | |
| gnu | glibc | 1.02 | |
| gnu | glibc | 1.03 | |
| gnu | glibc | 1.04 | |
| gnu | glibc | 1.05 | |
| gnu | glibc | 1.06 | |
| gnu | glibc | 1.07 | |
| gnu | glibc | 1.08 | |
| gnu | glibc | 1.09 | |
| gnu | glibc | 1.09.1 | |
| gnu | glibc | 2.0 | |
| gnu | glibc | 2.0.1 | |
| gnu | glibc | 2.0.2 | |
| gnu | glibc | 2.0.3 | |
| gnu | glibc | 2.0.4 | |
| gnu | glibc | 2.0.5 | |
| gnu | glibc | 2.0.6 | |
| gnu | glibc | 2.1 | |
| gnu | glibc | 2.1.1 | |
| gnu | glibc | 2.1.1.6 | |
| gnu | glibc | 2.1.2 | |
| gnu | glibc | 2.1.3 | |
| gnu | glibc | 2.1.3.10 | |
| gnu | glibc | 2.1.9 | |
| gnu | glibc | 2.2 | |
| gnu | glibc | 2.2.1 | |
| gnu | glibc | 2.2.2 | |
| gnu | glibc | 2.2.3 | |
| gnu | glibc | 2.2.4 | |
| gnu | glibc | 2.2.5 | |
| gnu | glibc | 2.3 | |
| gnu | glibc | 2.3.1 | |
| gnu | glibc | 2.3.2 | |
| gnu | glibc | 2.3.3 | |
| gnu | glibc | 2.3.4 | |
| gnu | glibc | 2.3.5 | |
| gnu | glibc | 2.3.6 | |
| gnu | glibc | 2.3.10 | |
| gnu | glibc | 2.4 | |
| gnu | glibc | 2.5 | |
| gnu | glibc | 2.5.1 | |
| gnu | glibc | 2.6 | |
| gnu | glibc | 2.6.1 | |
| gnu | glibc | 2.7 | |
| gnu | glibc | 2.8 | |
| gnu | glibc | 2.9 | |
| gnu | glibc | 2.10 | |
| gnu | glibc | 2.10.1 | |
| gnu | glibc | 2.10.2 | |
| gnu | glibc | 2.11 | |
| gnu | glibc | 2.11.1 | |
| gnu | glibc | 2.11.2 | |
| gnu | glibc | 2.11.3 | |
| gnu | glibc | 2.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:eglibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB89B5AD-38B6-4BB2-A150-90A7807BE024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA47E340-2191-4471-9415-F325A72C9B65",
"versionEndIncluding": "2.12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "AA23C241-132B-423E-A22A-7206A8074D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F79978B1-8831-4169-B815-80138C85832C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "991EB676-F043-418D-BD81-0BB937236D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "AA0C5DB0-602E-4296-884C-60E24FC80458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "3211F47C-DF6D-4355-95F8-DED317700621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "229BFD88-A90F-4D2B-97B9-822A7D87EAEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE253B0-D8E0-4099-8CA7-8925B4809F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*",
"matchCriteriaId": "D640F556-8181-4F15-B2F7-7EC7E8869FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*",
"matchCriteriaId": "061383CD-B9AD-41C6-8C46-F79870B9CD22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "9897B03F-A457-4B29-9C5E-FEA084D3BF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C3684B-CE01-46B5-9E41-BF58E6A5AA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB56D9C9-13B3-418C-B06C-0997E165F1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFD93D5-70BB-475C-BDD3-DEDE9965C5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "19D5667D-5EA4-4B44-BF8A-9C10506BD4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F23D2F-A01F-4949-A917-D1164E14EAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64576C9A-FCD9-4410-B590-AB43F9F85D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "229AC4E3-AFBA-4EF4-8534-8FBE1E630253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B91503A-E8DC-4DFF-98D4-687B5AE41438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "241A4B59-7BBC-4656-93AC-7DD8BE29EB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "00D0DBDC-1559-406D-AADC-12B5ABDD2BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5294FCC-3933-4CD5-8DFE-BCDC00F4BD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CA3E33-7CC6-4AC5-999A-3C46D7FD14A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAADC158-B7EF-4135-B383-0DA43065B43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "261A4A17-3B9E-46E6-897B-DB0C8358A1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAC8483-5060-428B-8D8E-C30E5823BB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44A511B6-72EC-4200-8C1C-BDE30BC2431A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B03C644D-0EF9-4586-96D5-5DEE78D9D5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "47AD8A88-DAF0-4206-8661-70075BA2AE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "42AD17CD-545F-425A-92CF-0EE5F5B5F74E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0B9503-9AD0-4A1A-BD4F-4B902BFC8E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0660536D-7F82-4B91-8B84-704D26FE989F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E2037E8C-43E8-4121-B877-1834282ACD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCA5E85-9AFA-429A-AC51-8D8EC2841330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D41ABE25-DECD-4068-93DA-0B85281FD93A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "84600406-0CE2-46EA-A5AD-4CC0D3494AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A96FA9ED-7529-440D-984D-6340B94D8243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D70AB0-2910-4191-9980-5BA78E8F2E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A30D0EE-1AED-4C99-8A22-24E47212F3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A93600D-7271-4AF5-8133-C6AA5BC8543F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4169CA4B-C4F5-499A-A35A-49DD43AC0A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C55E32EC-33A6-4145-9B76-C7E3DBACD1E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6423F0B5-E483-4DE9-B13F-3A7322F055DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B4AFFF-A537-44BD-B97A-EFA9409DB8BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a \"stack extension attack,\" a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome."
},
{
"lang": "es",
"value": "La Biblioteca C (tambi\u00e9n se conoce como glibc o libc6) anterior a versi\u00f3n 2.12.2 y Embedded GLIBC (EGLIBC), de GNU, permiten a los atacantes dependiendo del contexto ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (consumo de memoria) por medio de una cadena UTF8 larga que es usada en una funci\u00f3n llamada fnmatch, tambi\u00e9n se conoce como \"stack extension attack,\" un problema relacionado con CVE-2010-2898, CVE-2010-1917 y CVE-2007-4782, como se inform\u00f3 originalmente para el uso de esta biblioteca por Google Chrome."
}
],
"id": "CVE-2011-1071",
"lastModified": "2024-11-21T01:25:27.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-08T15:17:27.650",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://bugs.debian.org/615120"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=48733"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/02/26/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/11"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/02/28/15"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2011/Feb/635"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2011/Feb/644"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43492"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43830"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43989"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46397"
},
{
"source": "secalert@redhat.com",
"url": "http://securityreason.com/securityalert/8175"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1025290"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11883"
},
{
"source": "secalert@redhat.com",
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/46563"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0863"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.debian.org/615120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=48733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/02/26/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/02/28/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2011/Feb/635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2011/Feb/644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/46563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-04 17:55
Modified
2024-11-21 01:56
Severity ?
Summary
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | glibc | * | |
| gnu | glibc | 2.0 | |
| gnu | glibc | 2.0.1 | |
| gnu | glibc | 2.0.2 | |
| gnu | glibc | 2.0.3 | |
| gnu | glibc | 2.0.4 | |
| gnu | glibc | 2.0.5 | |
| gnu | glibc | 2.0.6 | |
| gnu | glibc | 2.1 | |
| gnu | glibc | 2.1.1 | |
| gnu | glibc | 2.1.1.6 | |
| gnu | glibc | 2.1.2 | |
| gnu | glibc | 2.1.3 | |
| gnu | glibc | 2.1.9 | |
| gnu | glibc | 2.4 | |
| gnu | glibc | 2.10.1 | |
| gnu | glibc | 2.11 | |
| gnu | glibc | 2.11.1 | |
| gnu | glibc | 2.11.2 | |
| gnu | glibc | 2.11.3 | |
| gnu | glibc | 2.12.1 | |
| gnu | glibc | 2.12.2 | |
| gnu | glibc | 2.13 | |
| gnu | glibc | 2.14 | |
| gnu | glibc | 2.14.1 | |
| gnu | glibc | 2.15 | |
| gnu | glibc | 2.16 | |
| gnu | eglibc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80EA2A91-4CBF-4AF4-9776-BF9EFDA67CDF",
"versionEndIncluding": "2.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB56D9C9-13B3-418C-B06C-0997E165F1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "19D5667D-5EA4-4B44-BF8A-9C10506BD4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "42AD17CD-545F-425A-92CF-0EE5F5B5F74E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A30D0EE-1AED-4C99-8A22-24E47212F3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4169CA4B-C4F5-499A-A35A-49DD43AC0A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C55E32EC-33A6-4145-9B76-C7E3DBACD1E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6423F0B5-E483-4DE9-B13F-3A7322F055DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "37880948-2AB5-491A-85E2-B7E271E03B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8E0DCD-8D39-4C89-9B4C-37025D9BE3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD5D113-EF53-4690-92AC-B6E54D70AA9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92B1C39D-1183-4FAE-85C2-D1DC7AA6F431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "733A1711-D2FC-45C6-9542-893860851F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4CFA8E-9892-4DDA-9DB2-581711E974A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:eglibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB89B5AD-38B6-4BB2-A150-90A7807BE024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address."
},
{
"lang": "es",
"value": "La implementaci\u00f3n PTR_MANGLE en la GNU C Library (librer\u00eda tambi\u00e9n conocida como glibc o libc6) 2.4, 2.17 y versiones anteriores y Embedded GLIBC (EGLIBC) no inicia el valor aleatorio para la guardia de puntero, lo que facilita a atacantes dependientes del contexto controlar la ejecuci\u00f3n de flujo aprovechando una vulnerabilidad de desbordamiento de b\u00fafer en una aplicaci\u00f3n y utilizando el valor cero conocido guardia de puntero para calcular la direcci\u00f3n de puntero."
}
],
"evaluatorComment": "Additional information that was taken into consideration while scoring:\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=985625",
"id": "CVE-2013-4788",
"lastModified": "2024-11-21T01:56:24.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-04T17:55:09.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://hmarco.org/bugs/CVE-2013-4788.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Sep/23"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/15/9"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61183"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201503-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://hmarco.org/bugs/CVE-2013-4788.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Sep/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/15/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201503-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-27 20:55
Modified
2024-11-21 01:28
Severity ?
Summary
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81FC02B2-EEB1-40EA-ADE5-479ED3FC11A7",
"versionEndIncluding": "2.12.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "18F57529-10DF-447A-8C53-DD4B1C2AA21E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:eglibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860D5A05-DC7D-4CB7-A22A-3C7DD8E0897D",
"versionEndIncluding": "2.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function."
},
{
"lang": "es",
"value": "Error de signo de enteros en Glibc anterior a 2.13 y eglibc anterior a 2.13, cuando utiliza la optimizaci\u00f3n Supplemental Streaming SIMD Extensions 3 (SSSE3), permite a atacantes dependientes de contexto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un par\u00e1metro de longitud negativo en (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, o (3) memset-sse2.S en sysdeps/i386/i686/multiarch/, lo que provoca una lectura fuera de rango, tal y como fue demostrado mediante el uso de la funci\u00f3n memcpy."
}
],
"id": "CVE-2011-2702",
"lastModified": "2024-11-21T01:28:47.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-27T20:55:22.313",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2011/q3/123"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2011/q3/153"
},
{
"source": "secalert@redhat.com",
"url": "http://www.eglibc.org/cgi-bin/viewvc.cgi/trunk/libc/ChangeLog?view=markup\u0026pathrev=10032"
},
{
"source": "secalert@redhat.com",
"url": "http://www.nodefense.org/eglibc.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/80718"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://xorl.wordpress.com/2011/08/06/cve-2011-2702-eglibc-and-glibc-signedness-issue/"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=706915"
},
{
"source": "secalert@redhat.com",
"url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=a0ac24d98ace90d1ccba6a2f3e7d55600f2fdb6e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2011/q3/123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2011/q3/153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eglibc.org/cgi-bin/viewvc.cgi/trunk/libc/ChangeLog?view=markup\u0026pathrev=10032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nodefense.org/eglibc.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/80718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://xorl.wordpress.com/2011/08/06/cve-2011-2702-eglibc-and-glibc-signedness-issue/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=706915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=a0ac24d98ace90d1ccba6a2f3e7d55600f2fdb6e"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2011-1071
Vulnerability from cvelistv5
Published
2011-04-08 15:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46563",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46563"
},
{
"name": "8175",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "RHSA-2011:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
},
{
"name": "ADV-2011-0863",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/615120"
},
{
"name": "43989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43989"
},
{
"name": "1025290",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11883"
},
{
"name": "43492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43492"
},
{
"name": "[oss-security] 20110228 cve request: eglibc memory corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/02/26/3"
},
{
"name": "oval:org.mitre.oval:def:12853",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853"
},
{
"name": "[oss-security] 20110228 Re: cve request: eglibc memory corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/11"
},
{
"name": "20110224 glibc and alloca()",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2011/Feb/635"
},
{
"name": "20110226 Re: glibc and alloca()",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2011/Feb/644"
},
{
"name": "MDVSA-2011:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
},
{
"name": "43830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43830"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6"
},
{
"name": "RHSA-2011:0413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20110228 Re: cve request: eglibc memory corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=48733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a \"stack extension attack,\" a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "46563",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46563"
},
{
"name": "8175",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "RHSA-2011:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
},
{
"name": "ADV-2011-0863",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/615120"
},
{
"name": "43989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43989"
},
{
"name": "1025290",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11883"
},
{
"name": "43492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43492"
},
{
"name": "[oss-security] 20110228 cve request: eglibc memory corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/02/26/3"
},
{
"name": "oval:org.mitre.oval:def:12853",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853"
},
{
"name": "[oss-security] 20110228 Re: cve request: eglibc memory corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/11"
},
{
"name": "20110224 glibc and alloca()",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2011/Feb/635"
},
{
"name": "20110226 Re: glibc and alloca()",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2011/Feb/644"
},
{
"name": "MDVSA-2011:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
},
{
"name": "43830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43830"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6"
},
{
"name": "RHSA-2011:0413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20110228 Re: cve request: eglibc memory corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=48733"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1071",
"datePublished": "2011-04-08T15:00:00",
"dateReserved": "2011-02-24T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2702
Vulnerability from cvelistv5
Published
2014-10-27 20:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=706915 | x_refsource_MISC | |
| http://seclists.org/oss-sec/2011/q3/123 | mailing-list, x_refsource_MLIST | |
| http://xorl.wordpress.com/2011/08/06/cve-2011-2702-eglibc-and-glibc-signedness-issue/ | x_refsource_MISC | |
| http://www.nodefense.org/eglibc.txt | x_refsource_MISC | |
| http://seclists.org/oss-sec/2011/q3/153 | mailing-list, x_refsource_MLIST | |
| https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=a0ac24d98ace90d1ccba6a2f3e7d55600f2fdb6e | x_refsource_CONFIRM | |
| http://www.osvdb.org/80718 | vdb-entry, x_refsource_OSVDB | |
| http://www.eglibc.org/cgi-bin/viewvc.cgi/trunk/libc/ChangeLog?view=markup&pathrev=10032 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=706915"
},
{
"name": "[oss-security] 20110718 CVE id request: (e)glibc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2011/q3/123"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xorl.wordpress.com/2011/08/06/cve-2011-2702-eglibc-and-glibc-signedness-issue/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nodefense.org/eglibc.txt"
},
{
"name": "[oss-security] 20110720 Re: CVE id request: (e)glibc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2011/q3/153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=a0ac24d98ace90d1ccba6a2f3e7d55600f2fdb6e"
},
{
"name": "80718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/80718"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.eglibc.org/cgi-bin/viewvc.cgi/trunk/libc/ChangeLog?view=markup\u0026pathrev=10032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-27T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=706915"
},
{
"name": "[oss-security] 20110718 CVE id request: (e)glibc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2011/q3/123"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xorl.wordpress.com/2011/08/06/cve-2011-2702-eglibc-and-glibc-signedness-issue/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nodefense.org/eglibc.txt"
},
{
"name": "[oss-security] 20110720 Re: CVE id request: (e)glibc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2011/q3/153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=a0ac24d98ace90d1ccba6a2f3e7d55600f2fdb6e"
},
{
"name": "80718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/80718"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.eglibc.org/cgi-bin/viewvc.cgi/trunk/libc/ChangeLog?view=markup\u0026pathrev=10032"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2702",
"datePublished": "2014-10-27T20:00:00",
"dateReserved": "2011-07-11T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4788
Vulnerability from cvelistv5
Published
2013-10-04 17:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2015/Sep/23 | mailing-list, x_refsource_FULLDISC | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.openwall.com/lists/oss-security/2013/07/15/9 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/61183 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201503-04 | vendor-advisory, x_refsource_GENTOO | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 | vendor-advisory, x_refsource_MANDRIVA | |
| http://hmarco.org/bugs/CVE-2013-4788.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150907 Glibc Pointer guarding weakness",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/23"
},
{
"name": "MDVSA-2013:284",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
},
{
"name": "[oss-security] 20130716 Re: CVE-2013-4788 - Eglibc PTR MANGLE bug",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/15/9"
},
{
"name": "61183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61183"
},
{
"name": "GLSA-201503-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201503-04"
},
{
"name": "MDVSA-2013:283",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hmarco.org/bugs/CVE-2013-4788.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150907 Glibc Pointer guarding weakness",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/23"
},
{
"name": "MDVSA-2013:284",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
},
{
"name": "[oss-security] 20130716 Re: CVE-2013-4788 - Eglibc PTR MANGLE bug",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/15/9"
},
{
"name": "61183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61183"
},
{
"name": "GLSA-201503-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201503-04"
},
{
"name": "MDVSA-2013:283",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hmarco.org/bugs/CVE-2013-4788.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150907 Glibc Pointer guarding weakness",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/23"
},
{
"name": "MDVSA-2013:284",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
},
{
"name": "[oss-security] 20130716 Re: CVE-2013-4788 - Eglibc PTR MANGLE bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/15/9"
},
{
"name": "61183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61183"
},
{
"name": "GLSA-201503-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-04"
},
{
"name": "MDVSA-2013:283",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
},
{
"name": "http://hmarco.org/bugs/CVE-2013-4788.html",
"refsource": "MISC",
"url": "http://hmarco.org/bugs/CVE-2013-4788.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4788",
"datePublished": "2013-10-04T17:00:00",
"dateReserved": "2013-07-10T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}