CVE-2005-4895 - Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for con

CVE-2005-4895

Summary

Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

References

Vulnerable Configurations

cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*
cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*
cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*
cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*
cpe:2.3:a:csilvers:gperftools:0.3:*:*:*:*:*:*:*
cpe:2.3:a:csilvers:gperftools:0.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 09-08-2012 - 04:00)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm	http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog
misc	http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/

Last major update

09-08-2012 - 04:00

Published

25-07-2012 - 19:55

Last modified

09-08-2012 - 04:00