4.4

CVE-2012-5667

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGrep Version <= 2.10
GnuGrep Version2.2
GnuGrep Version2.3
GnuGrep Version2.4
GnuGrep Version2.4.1
GnuGrep Version2.4.2
GnuGrep Version2.5
GnuGrep Version2.5.1
GnuGrep Version2.5.1 Updatea
GnuGrep Version2.5.3
GnuGrep Version2.5.4
GnuGrep Version2.6
GnuGrep Version2.6.1
GnuGrep Version2.6.2
GnuGrep Version2.6.3
GnuGrep Version2.7
GnuGrep Version2.8
GnuGrep Version2.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.02% 0.589
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91
Patch
http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
Patch
http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11
http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
http://openwall.com/lists/oss-security/2012/12/22/6
http://rhn.redhat.com/errata/RHSA-2015-1447.html
http://www.securityfocus.com/bid/57033
https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
https://bugzilla.redhat.com/show_bug.cgi?id=889935