Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2015-598
HistorySep 22, 2015 - 10:00 a.m.

Low: grep

2015-09-2210:00:00
alas.aws.amazon.com
16

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.8%

JSON

Issue Overview:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667)

A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345)

Affected Packages:

grep

Issue Correction:
Run yum update grep to update your system.

New Packages:

i686:  
    grep-2.20-1.14.amzn1.i686  
    grep-debuginfo-2.20-1.14.amzn1.i686  
  
src:  
    grep-2.20-1.14.amzn1.src  
  
x86_64:  
    grep-debuginfo-2.20-1.14.amzn1.x86_64  
    grep-2.20-1.14.amzn1.x86_64

Additional References

Red Hat: CVE-2012-5667, CVE-2015-1345

Mitre: CVE-2012-5667, CVE-2015-1345

Related

nessus 16
openvas 8
veracode 2
oraclelinux 2
redhat 2
ibm 5
centos 2
zdt 2
ubuntucve 2
gentoo 2
nvd 2
debiancve 2
prion 2
cve 2
seebug 1
cvelist 2
packetstorm 1
f5 2
exploitpack 1
archlinux 1
amazon 1
exploitdb 1
nessus
nessus
Amazon Linux AMI : grep (ALAS-2015-598)
2015-09-23 00:00:00
RHEL 6 : grep (RHSA-2015:1447)
2015-07-23 00:00:00
CentOS 6 : grep (CESA-2015:1447)
2015-07-28 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-1447)
2015-10-06 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-598)
2015-09-25 00:00:00
RedHat Update for grep RHSA-2015:1447-01
2015-07-23 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Heap Out-of-Bounds (OOB) Read
2019-05-02 05:41:03
Arbitrary Code Execution
2019-01-15 09:06:47
oraclelinux
oraclelinux
grep security, bug fix, and enhancement update
2015-07-28 00:00:00
grep security and bug fix update
2015-11-23 00:00:00
redhat
redhat
(RHSA-2015:1447) Low: grep security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2015:2111) Low: grep security and bug fix update
2015-11-19 14:39:52
ibm
ibm
Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345)
2018-06-16 21:38:15
Security Bulletin: Multiple vulnerabilities in GNU grep affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1345, CVE-2012-5667)
2018-06-17 22:32:53
Security Bulletin: Grep vulnerabilities affect IBM SmartCloud Entry (CVE-2012-5667)
2020-07-19 00:49:12
centos
centos
grep security update
2015-07-26 14:11:37
grep security update
2015-11-30 19:32:57
zdt
zdt
Grep < 2.11 Integer Overflow Crash PoC
2012-12-31 00:00:00
Grep <2.11 INT overflow, DoS, CMD Execution
2012-12-30 00:00:00
ubuntucve
ubuntucve
CVE-2012-5667
2013-01-03 00:00:00
CVE-2015-1345
2015-02-12 00:00:00
gentoo
gentoo
grep: User-assisted execution of arbitrary code
2014-03-26 00:00:00
grep: Denial of service
2015-02-25 00:00:00
nvd
nvd
CVE-2012-5667
2013-01-03 11:54:25
CVE-2015-1345
2015-02-12 16:59:03
debiancve
debiancve
CVE-2012-5667
2013-01-03 11:54:25
CVE-2015-1345
2015-02-12 16:59:03
prion
prion
Integer overflow
2013-01-03 11:54:00
Out-of-bounds
2015-02-12 16:59:00
cve
cve
CVE-2012-5667
2013-01-03 11:54:25
CVE-2015-1345
2015-02-12 16:59:03
seebug
seebug
Grep < 2.11 Integer Overflow Crash PoC
2014-07-01 00:00:00
cvelist
cvelist
CVE-2012-5667
2013-01-03 11:00:00
CVE-2015-1345
2015-02-12 16:00:00
packetstorm
packetstorm
Grep Integer Overflow
2012-12-31 00:00:00
f5
f5
K69662152 : Grep vulnerability CVE-2012-5667
2017-06-29 00:00:00
K42891424 : Grep vulnerability CVE-2015-1345
2017-06-29 00:00:00
exploitpack
exploitpack
Grep 2.11 - Integer Overflow Crash (PoC)
2012-12-31 00:00:00
archlinux
archlinux
grep: denial of service
2015-03-05 00:00:00
amazon
amazon
Low: grep
2016-01-18 11:00:00
exploitdb
exploitdb
Grep &lt; 2.11 - Integer Overflow Crash (PoC)
2012-12-31 00:00:00

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.8%

JSON
Related for ALAS-2015-598
nessus16openvas8veracode2oraclelinux2redhat2ibm5centos2zdt2ubuntucve2gentoo2nvd2debiancve2prion2cve2seebug1cvelist2packetstorm1f52exploitpack1archlinux1amazon1exploitdb1