18 matches found
EUVD-2015-1608
Malware in sbrugna...
CVE-2021-33910
A flaw was found in systemd. The use of alloca function with an uncontrolled size in function unitnamepathescape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack. The highest threat from th...
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command when using the -i switch which triggers a stack-based buffer overflow in the alloca function.
...
Denial Of Service (DoS)
The coreutils package contains the core GNU utilities. It is a combination of the old GNU fileutils, sh-utils, and textutils packages. It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca function. An attacker could use this flaw to crash those...
CVE-2015-1473
CVE-2015-1473 affects the GNU C Library (glibc) prior to version 2.21, arising from the ADDW macro in stdio-common/vfscanf.c not properly factoring data-type size when using alloca in a wscanf path. This can allow context-dependent attackers to cause a denial of service (segmentation fault) or ov...
F5 Networks BIG-IP : GNU C Library (glibc) vulnerability (SOL16364)
The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not 'properly restrict the use of' the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...
GNU TAR <= 1.15.91 and CPIO <= 2.5.90 safer_name_suffix Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26445/info GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the 'alloca' function. Successfully exploiting this issue allows attackers to crash the affected utilities...
CVE-2012-3406
The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...
coreutils security update
CentOS Errata and Security Advisory CESA-2013:1652 Updated coreutils packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common...
CVE-2013-0222
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function...
coreutils: segfault in "join -i" with long line input
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function...
Low: Red Hat Security Advisory: coreutils security, bug fix, and enhancement update
Updated coreutils packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which...
coreutils: segfault in uniq with long line input
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function...
Stack overflow
Stack-based buffer overflow in string/strcolll.c in the GNU C Library aka glibc or libc6 2.17 and earlier allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function...
CVE-2012-4424
Stack-based buffer overflow in string/strcolll.c in the GNU C Library aka glibc or libc6 2.17 and earlier allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function...
CVE-2012-3406
The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...
GNU TAR 1.15.91 CPIO 2.5.90 - safer_name_suffix Remote Denial of Service
GNU TAR 1.15.91 CPIO 2.5.90 - safernamesuffix Remote Denial of Service // source: https://www.securityfocus.com/bid/26445/info GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the 'alloca' function. Successfully exploiting this issue allows...
gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability
SecurityFocus reports: GNUs tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the alloca function. Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code but this has not been confirmed...