Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201403-07
HistoryMar 26, 2014 - 12:00 a.m.

grep: User-assisted execution of arbitrary code

2014-03-2600:00:00
Gentoo Foundation
security.gentoo.org
18

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.007

Percentile

80.0%

JSON

Background

grep is the GNU regular expression matcher.

Description

An integer overflow flaw has been discovered in grep.

Impact

An attacker could entice a user to run grep on a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All grep users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/grep-2.12"
OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-apps/grep< 2.12UNKNOWN

Related

seebug 1
nessus 8
cvelist 1
cve 1
veracode 2
ibm 4
nvd 1
prion 1
debiancve 1
zdt 2
ubuntucve 1
openvas 4
exploitpack 1
f5 1
packetstorm 1
exploitdb 1
redhat 1
oraclelinux 1
centos 1
amazon 1
seebug
seebug
Grep < 2.11 Integer Overflow Crash PoC
2014-07-01 00:00:00
nessus
nessus
F5 Networks BIG-IP : Grep vulnerability (K69662152)
2017-06-29 00:00:00
Oracle Solaris Third-Party Patch Update : grep (cve_2012_5667_heap_buffer)
2015-01-19 00:00:00
GLSA-201403-07 : grep: User-assisted execution of arbitrary code
2014-03-27 00:00:00
cvelist
cvelist
CVE-2012-5667
2013-01-03 11:00:00
cve
cve
CVE-2012-5667
2013-01-03 11:54:25
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:06:47
Denial Of Service (DoS) Through Heap Out-of-Bounds (OOB) Read
2019-05-02 05:41:03
ibm
ibm
Security Bulletin: Grep vulnerabilities affect IBM SmartCloud Entry (CVE-2012-5667)
2020-07-19 00:49:12
Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345)
2018-06-16 21:38:15
Security Bulletin: Multiple vulnerabilities in GNU grep affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1345, CVE-2012-5667)
2018-06-17 22:32:53
nvd
nvd
CVE-2012-5667
2013-01-03 11:54:25
prion
prion
Integer overflow
2013-01-03 11:54:00
debiancve
debiancve
CVE-2012-5667
2013-01-03 11:54:25
zdt
zdt
Grep <2.11 INT overflow, DoS, CMD Execution
2012-12-30 00:00:00
Grep < 2.11 Integer Overflow Crash PoC
2012-12-31 00:00:00
ubuntucve
ubuntucve
CVE-2012-5667
2013-01-03 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201403-07
2015-09-29 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-598)
2015-09-25 00:00:00
RedHat Update for grep RHSA-2015:1447-01
2015-07-23 00:00:00
exploitpack
exploitpack
Grep 2.11 - Integer Overflow Crash (PoC)
2012-12-31 00:00:00
f5
f5
K69662152 : Grep vulnerability CVE-2012-5667
2017-06-29 00:00:00
packetstorm
packetstorm
Grep Integer Overflow
2012-12-31 00:00:00
exploitdb
exploitdb
Grep &lt; 2.11 - Integer Overflow Crash (PoC)
2012-12-31 00:00:00
redhat
redhat
(RHSA-2015:1447) Low: grep security, bug fix, and enhancement update
2015-07-22 00:00:00
oraclelinux
oraclelinux
grep security, bug fix, and enhancement update
2015-07-28 00:00:00
centos
centos
grep security update
2015-07-26 14:11:37
amazon
amazon
Low: grep
2015-09-22 10:00:00

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.007

Percentile

80.0%

JSON
Related for GLSA-201403-07
seebug1nessus8cvelist1cve1veracode2ibm4nvd1prion1debiancve1zdt2ubuntucve1openvas4exploitpack1f51packetstorm1exploitdb1redhat1oraclelinux1centos1amazon1