4.3

CVE-2013-4332

Exploit
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGlibc Version <= 2.18
GnuGlibc Version2.0
GnuGlibc Version2.0.1
GnuGlibc Version2.0.2
GnuGlibc Version2.0.3
GnuGlibc Version2.0.4
GnuGlibc Version2.0.5
GnuGlibc Version2.0.6
GnuGlibc Version2.1
GnuGlibc Version2.1.1
GnuGlibc Version2.1.1.6
GnuGlibc Version2.1.2
GnuGlibc Version2.1.3
GnuGlibc Version2.1.9
GnuGlibc Version2.10.1
GnuGlibc Version2.11
GnuGlibc Version2.11.1
GnuGlibc Version2.11.2
GnuGlibc Version2.11.3
GnuGlibc Version2.12.1
GnuGlibc Version2.12.2
GnuGlibc Version2.13
GnuGlibc Version2.14
GnuGlibc Version2.14.1
GnuGlibc Version2.15
GnuGlibc Version2.16
GnuGlibc Version2.17
RedhatEnterprise Linux Version5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.61% 0.834
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://security.gentoo.org/glsa/201503-04
http://rhn.redhat.com/errata/RHSA-2013-1605.html
http://secunia.com/advisories/55113
http://www.ubuntu.com/usn/USN-1991-1
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
http://rhn.redhat.com/errata/RHSA-2013-1411.html
http://www.openwall.com/lists/oss-security/2013/09/12/6
Patch
http://www.securityfocus.com/bid/62324
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332
https://sourceware.org/bugzilla/show_bug.cgi?id=15855
Exploit
https://sourceware.org/bugzilla/show_bug.cgi?id=15856
https://sourceware.org/bugzilla/show_bug.cgi?id=15857
Exploit