fkie_cve-2012-5667
Vulnerability from fkie_nvd
Published
2013-01-03 11:54
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
References
secalert@redhat.comhttp://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91Patch
secalert@redhat.comhttp://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189Patch
secalert@redhat.comhttp://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11
secalert@redhat.comhttp://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
secalert@redhat.comhttp://openwall.com/lists/oss-security/2012/12/22/6
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2015-1447.html
secalert@redhat.comhttp://www.securityfocus.com/bid/57033
secalert@redhat.comhttps://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=889935
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91Patch
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189Patch
af854a3a-2127-422b-91ae-364da2661108http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11
af854a3a-2127-422b-91ae-364da2661108http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2012/12/22/6
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1447.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/57033
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=889935
Impacted products
Vendor Product Version
gnu grep *
gnu grep 2.2
gnu grep 2.3
gnu grep 2.4
gnu grep 2.4.1
gnu grep 2.4.2
gnu grep 2.5
gnu grep 2.5.1
gnu grep 2.5.1
gnu grep 2.5.3
gnu grep 2.5.4
gnu grep 2.6
gnu grep 2.6.1
gnu grep 2.6.2
gnu grep 2.6.3
gnu grep 2.7
gnu grep 2.8
gnu grep 2.9


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:grep:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB79442-59A9-4E47-8F4E-5A55F01C0EC4",
              "versionEndIncluding": "2.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4C7727-C33E-48A6-86ED-5089AD66C287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "563A6D81-32C4-4B80-96D3-1AD7BBAFC335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF9C9855-2E69-4191-B653-AA413FBEB60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBCFE8E0-6319-4E5A-8FE7-96FD689BAA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB4D9B0A-D171-4DB6-8F40-2F04B0604EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CF8DD8-C3D4-440E-82B0-F7209EE04741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE2F6E3-63A2-4A8B-9046-9353E81720C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.5.1:a:*:*:*:*:*:*",
              "matchCriteriaId": "8754E619-694E-4EC8-AD85-E4781CCC68BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E709A76-5882-4E33-8DBE-9C9C07DC1F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E1072B-1506-4650-9983-96E2044C29FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85739D66-5EBE-46FB-80FA-13C2295319C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "024E63FA-8AF0-4BAB-8857-8212629A937E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F539435-3232-414F-B4C7-690BDC96D33E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34051D6D-BF77-4494-8C25-76F6D906A35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDAC2DD8-0E69-4B30-8292-C9AD74823664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F80043A-BECF-4C94-8BE3-D966873D8053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:grep:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE47159-054C-47C3-AA62-421967F9DF42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de enteros en GNU Grep antes de v2.11 podr\u00eda permitir a atacantes locales o remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con una larga l\u00ednea de entrada que dispara un desbordamiento de b\u00fafer basado en memoria din\u00e1mica."
    }
  ],
  "id": "CVE-2012-5667",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-03T11:54:25.417",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2012/12/22/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1447.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/57033"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2012/12/22/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1447.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/57033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889935"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.