Lucene search

[email protected]CVE-2012-2676

HistoryJul 25, 2012 - 7:55 p.m.

CVE-2012-2676

2012-07-2519:55:02

CWE-189

[email protected]

web.nvd.nist.gov

cve-2012-2676

integer overflows

malloc

calloc

hoard

memory-related attacks

buffer overflows

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on implementing code via a large size value, which causes less memory to be allocated than expected.

Affected configurations

NVD

Node

emery_bergerhoardRange≤3.8

CPENameOperatorVersion
emery_berger:hoardemery berger hoardle3.8

CPE	Name	Operator	Version
emery_berger:hoard	emery berger hoard	le	3.8

References

kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/

www.openwall.com/lists/oss-security/2012/06/05/1

www.openwall.com/lists/oss-security/2012/06/07/13

github.com/emeryberger/Hoard/blob/master/NEWS

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVE-2012-2676

nvd1 prion1 cvelist1