Lucene search

Ubuntu.comUB:CVE-2011-2702

HistoryJul 20, 2011 - 12:00 a.m.

CVE-2011-2702

2011-07-2000:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when
using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows
context-dependent attackers to execute arbitrary code via a negative length
parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3)
memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an
out-of-bounds read, as demonstrated using the memcpy function.

Notes

Author	Note
jdstrand	Ubuntu 10.10 have the corrected code

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarcheglibc< 2.11.1-0ubuntu7.10UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	eglibc	< 2.11.1-0ubuntu7.10	UNKNOWN

References

www.nodefense.org/eglibc.txt

launchpad.net/bugs/cve/CVE-2011-2702

nvd.nist.gov/vuln/detail/CVE-2011-2702

security-tracker.debian.org/tracker/CVE-2011-2702

ubuntu.com/security/notices/USN-1396-1

www.cve.org/CVERecord?id=CVE-2011-2702

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Related for UB:CVE-2011-2702