[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-5667Date: (C)2013-01-07   (M)2023-12-22


Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.4
Exploit Score: 3.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-57033
RHSA-2015:1447
http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
http://openwall.com/lists/oss-security/2012/12/22/6
http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91
http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11
https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
https://bugzilla.redhat.com/show_bug.cgi?id=889935

CPE    18
cpe:/a:gnu:grep:2.5.1:a
cpe:/a:gnu:grep:2.5
cpe:/a:gnu:grep:2.4
cpe:/a:gnu:grep:2.3
...
CWE    1
CWE-189
OVAL    4
oval:org.secpod.oval:def:204250
oval:org.secpod.oval:def:1501078
oval:org.secpod.oval:def:1200170
oval:org.secpod.oval:def:501607
...

© SecPod Technologies