2.1
CVE-2011-3149
- EPSS 0.53%
- Veröffentlicht 22.07.2012 17:55:01
- Zuletzt bearbeitet 16.06.2026 23:32:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.406 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/49711
http://security.gentoo.org/glsa/glsa-201206-31.xml
http://secunia.com/advisories/46583
http://www.ubuntu.com/usn/USN-1237-1
http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=109823cb621c900c07c4b6cdc99070d354d19444
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565