Vulnerability-Lookup

CVE-2013-4332 (GCVE-0-2013-4332)

Vulnerability from cvelistv5 – Published: 2013-10-09 22:00 – Updated: 2024-08-06 16:38

Summary

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

FKIE_CVE-2013-4332

Vulnerability from fkie_nvd - Published: 2013-10-09 22:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-1411.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-1605.html
secalert@redhat.com	http://secunia.com/advisories/55113
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/12/6	Patch
secalert@redhat.com	http://www.securityfocus.com/bid/62324
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1991-1
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332
secalert@redhat.com	https://security.gentoo.org/glsa/201503-04
secalert@redhat.com	https://sourceware.org/bugzilla/show_bug.cgi?id=15855	Exploit
secalert@redhat.com	https://sourceware.org/bugzilla/show_bug.cgi?id=15856
secalert@redhat.com	https://sourceware.org/bugzilla/show_bug.cgi?id=15857	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-1411.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-1605.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/55113
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/12/6	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62324
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1991-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201503-04
af854a3a-2127-422b-91ae-364da2661108	https://sourceware.org/bugzilla/show_bug.cgi?id=15855	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://sourceware.org/bugzilla/show_bug.cgi?id=15856
af854a3a-2127-422b-91ae-364da2661108	https://sourceware.org/bugzilla/show_bug.cgi?id=15857	Exploit

Impacted products

Vendor	Product	Version
gnu	glibc	*
gnu	glibc	2.0
gnu	glibc	2.0.1
gnu	glibc	2.0.2
gnu	glibc	2.0.3
gnu	glibc	2.0.4
gnu	glibc	2.0.5
gnu	glibc	2.0.6
gnu	glibc	2.1
gnu	glibc	2.1.1
gnu	glibc	2.1.1.6
gnu	glibc	2.1.2
gnu	glibc	2.1.3
gnu	glibc	2.1.9
gnu	glibc	2.10.1
gnu	glibc	2.11
gnu	glibc	2.11.1
gnu	glibc	2.11.2
gnu	glibc	2.11.3
gnu	glibc	2.12.1
gnu	glibc	2.12.2
gnu	glibc	2.13
gnu	glibc	2.14
gnu	glibc	2.14.1
gnu	glibc	2.15
gnu	glibc	2.16
gnu	glibc	2.17
redhat	enterprise_linux	5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDDAD2B2-386E-4DEA-A20E-0C2197E12089",
              "versionEndIncluding": "2.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB56D9C9-13B3-418C-B06C-0997E165F1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "19D5667D-5EA4-4B44-BF8A-9C10506BD4E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A30D0EE-1AED-4C99-8A22-24E47212F3FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4169CA4B-C4F5-499A-A35A-49DD43AC0A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55E32EC-33A6-4145-9B76-C7E3DBACD1E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6423F0B5-E483-4DE9-B13F-3A7322F055DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37880948-2AB5-491A-85E2-B7E271E03B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF8E0DCD-8D39-4C89-9B4C-37025D9BE3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD5D113-EF53-4690-92AC-B6E54D70AA9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92B1C39D-1183-4FAE-85C2-D1DC7AA6F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "733A1711-D2FC-45C6-9542-893860851F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4CFA8E-9892-4DDA-9DB2-581711E974A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E91F85-7872-4290-BE7F-C966AC2773CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de enteros en malloc/malloc.c de GNU C Library (tambi\u00e9n conocida como glibc o libc6) 2.18 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de un valor largo de funciones (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, o (5) aligned_alloc."
    }
  ],
  "id": "CVE-2013-4332",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-09T22:55:02.667",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1411.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/55113"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/12/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/62324"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1991-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201503-04"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1411.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/12/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1991-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201503-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JJXR-F8VH-8W2W

Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2022-05-17 02:39

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-4332"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-10-09T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.",
  "id": "GHSA-jjxr-f8vh-8w2w",
  "modified": "2022-05-17T02:39:15Z",
  "published": "2022-05-17T02:39:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4332"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2013:1411"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2013:1605"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2013-4332"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007545"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201503-04"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1411.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/55113"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/12/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/62324"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1991-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2013-4332

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-4332

Aliases

CVE-2013-4332

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-4332",
    "description": "Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.",
    "id": "GSD-2013-4332",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-4332.html",
      "https://access.redhat.com/errata/RHSA-2013:1605",
      "https://access.redhat.com/errata/RHSA-2013:1411",
      "https://advisories.mageia.org/CVE-2013-4332.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2013-4332.html",
      "https://linux.oracle.com/cve/CVE-2013-4332.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-4332"
      ],
      "details": "Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.",
      "id": "GSD-2013-4332",
      "modified": "2023-12-13T01:22:16.859042Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-4332",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.gentoo.org/glsa/201503-04",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/201503-04"
          },
          {
            "name": "http://secunia.com/advisories/55113",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/55113"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1991-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1991-1"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-1605.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-1411.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1411.html"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/09/12/6",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/09/12/6"
          },
          {
            "name": "http://www.securityfocus.com/bid/62324",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/62324"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332"
          },
          {
            "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855",
            "refsource": "MISC",
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855"
          },
          {
            "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856",
            "refsource": "MISC",
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856"
          },
          {
            "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857",
            "refsource": "MISC",
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.18",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4332"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855"
            },
            {
              "name": "[oss-security] 20130912 Re: CVE Request: Three integer overflows in glibc memory allocator",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/12/6"
            },
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332"
            },
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857"
            },
            {
              "name": "RHSA-2013:1411",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1411.html"
            },
            {
              "name": "55113",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/55113"
            },
            {
              "name": "USN-1991-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1991-1"
            },
            {
              "name": "MDVSA-2013:283",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
            },
            {
              "name": "MDVSA-2013:284",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
            },
            {
              "name": "RHSA-2013:1605",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
            },
            {
              "name": "62324",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/62324"
            },
            {
              "name": "GLSA-201503-04",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201503-04"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T04:46Z",
      "publishedDate": "2013-10-09T22:55Z"
    }
  }
}

CERTFR-2014-AVI-117

Vulnerability from certfr_avis - Published: 2014-03-12 - Updated: 2014-03-12

De multiples vulnérabilités ont été corrigées dans VMware vSphere. Elles permettent à un attaquant de provoquer un déni de service à distance et une amplification de déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	vCenter Server	VMware vCenter Server versions 5.5 Update 1 et antérieures
VMware	N/A	VMware Update Manager versions 5.5 Update 1 et antérieures
VMware	ESXi	VMware ESXi 5.5 versions antérieures à ESXi550-201403101-SG
VMware	vCenter Server	vCenter Server Appliance versions 5.5 Update 1 et antérieures

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-4332 (GCVE-0-2013-4332)

FKIE_CVE-2013-4332

GHSA-JJXR-F8VH-8W2W

GSD-2013-4332

CERTFR-2014-AVI-117

Solution

Tags

Sightings

Nomenclature