1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | systemtap | < 1.0-2 | systemtap_1.0-2_all.deb |
Debian | 11 | all | systemtap | < 1.0-2 | systemtap_1.0-2_all.deb |
Debian | 10 | all | systemtap | < 1.0-2 | systemtap_1.0-2_all.deb |
Debian | 999 | all | systemtap | < 1.0-2 | systemtap_1.0-2_all.deb |
Debian | 13 | all | systemtap | < 1.0-2 | systemtap_1.0-2_all.deb |