4.6
CVE-2012-0065
- EPSS 0.76%
- Veröffentlicht 06.10.2012 21:55:03
- Zuletzt bearbeitet 16.06.2026 23:36:36
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginHeap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nikias Bassen ≫ Usbmuxd Version1.0.5
Nikias Bassen ≫ Usbmuxd Version1.0.6
Nikias Bassen ≫ Usbmuxd Version1.0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.503 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://git.marcansoft.com/?p=usbmuxd.git%3Ba=commitdiff%3Bh=f794991993af56a74795891b4ff9da506bc893e6
http://openwall.com/lists/oss-security/2012/01/19/25
http://openwall.com/lists/oss-security/2012/01/19/26
http://secunia.com/advisories/47545
http://www.mandriva.com/security/advisories?name=MDVSA-2012:133
http://www.mandriva.com/security/advisories?name=MDVSA-2013:133
http://www.securityfocus.com/bid/51573
https://bugs.gentoo.org/show_bug.cgi?id=399409
https://exchange.xforce.ibmcloud.com/vulnerabilities/72546
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228