FKIE_CVE-2012-5667

Vulnerability from fkie_nvd - Published: 2013-01-03 11:54 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
References
secalert@redhat.comhttp://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91Patch
secalert@redhat.comhttp://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189Patch
secalert@redhat.comhttp://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11
secalert@redhat.comhttp://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
secalert@redhat.comhttp://openwall.com/lists/oss-security/2012/12/22/6
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2015-1447.html
secalert@redhat.comhttp://www.securityfocus.com/bid/57033
secalert@redhat.comhttps://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=889935
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91Patch
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189Patch
af854a3a-2127-422b-91ae-364da2661108http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11
af854a3a-2127-422b-91ae-364da2661108http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2012/12/22/6
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1447.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/57033
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=889935
Impacted products
Vendor Product Version
gnu grep *
gnu grep 2.2
gnu grep 2.3
gnu grep 2.4
gnu grep 2.4.1
gnu grep 2.4.2
gnu grep 2.5
gnu grep 2.5.1
gnu grep 2.5.1
gnu grep 2.5.3
gnu grep 2.5.4
gnu grep 2.6
gnu grep 2.6.1
gnu grep 2.6.2
gnu grep 2.6.3
gnu grep 2.7
gnu grep 2.8
gnu grep 2.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:grep:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB79442-59A9-4E47-8F4E-5A55F01C0EC4",
              "versionEndIncluding": "2.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4C7727-C33E-48A6-86ED-5089AD66C287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "563A6D81-32C4-4B80-96D3-1AD7BBAFC335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF9C9855-2E69-4191-B653-AA413FBEB60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBCFE8E0-6319-4E5A-8FE7-96FD689BAA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB4D9B0A-D171-4DB6-8F40-2F04B0604EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CF8DD8-C3D4-440E-82B0-F7209EE04741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE2F6E3-63A2-4A8B-9046-9353E81720C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.5.1:a:*:*:*:*:*:*",
              "matchCriteriaId": "8754E619-694E-4EC8-AD85-E4781CCC68BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E709A76-5882-4E33-8DBE-9C9C07DC1F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E1072B-1506-4650-9983-96E2044C29FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85739D66-5EBE-46FB-80FA-13C2295319C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "024E63FA-8AF0-4BAB-8857-8212629A937E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F539435-3232-414F-B4C7-690BDC96D33E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34051D6D-BF77-4494-8C25-76F6D906A35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDAC2DD8-0E69-4B30-8292-C9AD74823664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F80043A-BECF-4C94-8BE3-D966873D8053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE47159-054C-47C3-AA62-421967F9DF42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de enteros en GNU Grep antes de v2.11 podr\u00eda permitir a atacantes locales o remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con una larga l\u00ednea de entrada que dispara un desbordamiento de b\u00fafer basado en memoria din\u00e1mica."
    }
  ],
  "id": "CVE-2012-5667",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-03T11:54:25.417",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2012/12/22/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1447.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/57033"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2012/12/22/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1447.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/57033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889935"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.