ID CVE-2012-2676
Summary Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on implementing code via a large size value, which causes less memory to be allocated than expected.
References
Vulnerable Configurations
  • cpe:2.3:a:emery_berger:hoard:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:emery_berger:hoard:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:emery_berger:hoard:2.1.2:d:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:2.1.2:d:*:*:*:*:*:*
  • cpe:2.3:a:emery_berger:hoard:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:emery_berger:hoard:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:emery_berger:hoard:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:emery_berger:hoard:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:emery_berger:hoard:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:emery_berger:hoard:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:emery_berger:hoard:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:emery_berger:hoard:3.8:*:*:*:*:*:*:*
    cpe:2.3:a:emery_berger:hoard:3.8:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 30-07-2012 - 04:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
confirm https://github.com/emeryberger/Hoard/blob/master/NEWS
misc http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
mlist
  • [oss-security] 20120605 memory allocator upstream patches
  • [oss-security] 20120607 Re: memory allocator upstream patches
Last major update 30-07-2012 - 04:00
Published 25-07-2012 - 19:55
Last modified 30-07-2012 - 04:00
Back to Top