Lucene search

[email protected]CVE-2012-3368

HistoryJul 03, 2012 - 9:55 p.m.

CVE-2012-3368

2012-07-0321:55:01

CWE-189

[email protected]

web.nvd.nist.gov

cve-2012-3368

integer signedness error

attach.c

dtach 0.8

remote attackers

sensitive information

daemon stack memory

irc client

6.1 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.5%

JSON

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.

Affected configurations

NVD

Node

redhatdtachMatch0.8

CPENameOperatorVersion
redhat:dtachredhat dtacheq0.8

CPE	Name	Operator	Version
redhat:dtach	redhat dtach	eq	0.8

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302

sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357

sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812

bugzilla.redhat.com/show_bug.cgi?id=812551

bugzilla.redhat.com/show_bug.cgi?id=835849

6.1 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVE-2012-3368

cvelist1 nvd1 fedora1 openvas2 debiancve1 prion1 ubuntucve1 nessus1