ALAS-2013-245 ---- gcID: oval:org.secpod.oval:def:1600324 | Date: (C)2016-05-19 (M)2023-07-28 |
Class: PATCH | Family: unix |
It was discovered that gc"s implementation of the malloc and calloc routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc and calloc routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application
Platform: |
Amazon Linux AMI |