Lucene search

K
cve[email protected]CVE-2012-3368
HistoryJul 03, 2012 - 9:55 p.m.

CVE-2012-3368

2012-07-0321:55:01
CWE-189
web.nvd.nist.gov
20
cve-2012-3368
integer signedness error
attach.c
dtach 0.8
remote attackers
sensitive information
daemon stack memory
irc client

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.

Affected configurations

NVD
Node
redhatdtachMatch0.8
CPENameOperatorVersion
redhat:dtachredhat dtacheq0.8

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%