CVE-2012-2674 - Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions i

CVE-2012-2674

Summary

Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

References

Vulnerable Configurations

cpe:2.3:a:google:bionic:-:*:*:*:*:android:*:*
cpe:2.3:a:google:bionic:-:*:*:*:*:android:*:*

CVSS

Base:	4.3 (as of 24-08-2012 - 04:00)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

confirm	https://github.com/android/platform_bionic/commit/7f5aa4f35e23fd37425b3a5041737cdf58f87385
misc	http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
mlist	[oss-security] 20120605 memory allocator upstream patches [oss-security] 20120607 Re: memory allocator upstream patches

Last major update

24-08-2012 - 04:00

Published

25-07-2012 - 19:55

Last modified

24-08-2012 - 04:00