109 matches found
CVE-2012-3406
The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...
coreutils security update
CentOS Errata and Security Advisory CESA-2013:1652 Updated coreutils packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common...
CVE-2013-0222
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function...
coreutils: segfault in "sort -d" and "sort -M" with long line input
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the sort command, when using the 1 -d or 2 -M switch, which triggers a stack-based buffer overflow in the alloca function...
Low: Red Hat Security Advisory: coreutils security, bug fix, and enhancement update
Updated coreutils packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which...
coreutils: segfault in "join -i" with long line input
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function...
coreutils: segfault in uniq with long line input
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function...
Stack overflow
Stack-based buffer overflow in string/strcolll.c in the GNU C Library aka glibc or libc6 2.17 and earlier allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function...
CVE-2012-4424
Stack-based buffer overflow in string/strcolll.c in the GNU C Library aka glibc or libc6 2.17 and earlier allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function...
Oracle Linux 5 : ruby (ELSA-2008-0561)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0561 advisory. - CVE-2008-2376: Integer overflow in rbaryfill. - CVE-2008-2662: Integer overflow in rbstrbufappend. - CVE-2008-2663: Integer overflow in rbarystore. -...
glibc: printf() unbound alloca() usage in case of positional parameters + many format specs
The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...
Fedora 17 : glibc-2.15-54.fc17 (2012-11508)
Avoid unbound alloca in vfprintf 841318 Revert patch for BZ696143, it made it impossible to use IPV6 addresses explicitly in getaddrinfo, which in turn broke ssh, apache and other code. 808147 Note that Tenable Network Security has extracted the preceding description block directly from the Fedor...
Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120718)
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca. This...
CentOS Update for glibc CESA-2011:0412 centos5 x86_64
Check for the Version of glibc OpenVAS Vulnerability Test CentOS Update for glibc CESA-2011:0412 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
glibc: printf() unbound alloca() usage in case of positional parameters + many format specs
The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...
glibc: printf() unbound alloca() usage in case of positional parameters + many format specs
The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...
CVE-2012-3406
The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...
glibc: stack overflow in getaddrinfo()'s use of alloca()
REJECTED CVE This CVE has been rejected. This candidate is a duplicate of CVE-2013-4357. Note: All CVE users should reference CVE-2013-4357 instead of this candidate...
Mandriva Update for tightvnc MDKSA-2007:080 (tightvnc)
Check for the Version of tightvnc OpenVAS Vulnerability Test Mandriva Update for tightvnc MDKSA-2007:080 tightvnc Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Mandriva Update for xorg-x11 MDKSA-2007:079 (xorg-x11)
Check for the Version of xorg-x11 OpenVAS Vulnerability Test Mandriva Update for xorg-x11 MDKSA-2007:079 xorg-x11 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...