Multiple vulnerability in GNU grep affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance.
CVEID: CVE-2015-1345 DESCRIPTION: GNU grep is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by an error in kwset.c. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101351 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2012-5667 DESCRIPTION: GNU grep is vulnerable to a heap-based buffer overflow, caused by an integer overflow when parsing very long lines. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/80811 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance
If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm service agility accelerator for cloud | eq | 2.1 |