CVE-2012-2673

Severity

50%

Complexity

99%

Confidentiality

48%

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

Type

Boehm-Demers-Weiser Garbace Collector (libgc)

First reported 12 years ago

2012-07-25 19:55:00

Last updated 8 years ago

2016-09-29 01:59:00

Affected Software

Boehm-Demers-Weiser Garbace Collector (libgc) 1.3

1.3

Boehm-Demers-Weiser Garbace Collector (libgc) 1.4

1.4

Boehm-Demers-Weiser Garbace Collector (libgc) 1.5

1.5

Boehm-Demers-Weiser Garbace Collector (libgc) 1.8

1.8

Boehm-Demers-Weiser Garbace Collector (libgc) 1.9

1.9

Boehm-Demers-Weiser Garbace Collector (libgc) 2.0

2.0

Boehm-Demers-Weiser Garbace Collector (libgc) 2.1

2.1

Boehm-Demers-Weiser Garbace Collector (libgc) 2.2

2.2

Boehm-Demers-Weiser Garbace Collector (libgc) 2.3

2.3

Boehm-Demers-Weiser Garbace Collector (libgc) 2.4

2.4

Boehm-Demers-Weiser Garbace Collector (libgc) 3.0

3.0

Boehm-Demers-Weiser Garbace Collector (libgc) 3.1

3.1

Boehm-Demers-Weiser Garbace Collector (libgc) 3.2

3.2

Boehm-Demers-Weiser Garbace Collector (libgc) 3.3

3.3

Boehm-Demers-Weiser Garbace Collector (libgc) 3.4

3.4

Boehm-Demers-Weiser Garbace Collector (libgc) 3.5

3.5

Boehm-Demers-Weiser Garbace Collector (libgc) 3.6

3.6

Boehm-Demers-Weiser Garbace Collector (libgc) 3.7

3.7

Boehm-Demers-Weiser Garbace Collector (libgc) 4.0

4.0

Boehm-Demers-Weiser Garbace Collector (libgc) 4.1

4.1

Boehm-Demers-Weiser Garbace Collector (libgc) 4.2

4.2

Boehm-Demers-Weiser Garbace Collector (libgc) 4.3

4.3

Boehm-Demers-Weiser Garbace Collector (libgc) 4.4

4.4

Boehm-Demers-Weiser Garbace Collector (libgc) 4.5

4.5

Boehm-Demers-Weiser Garbace Collector (libgc) 4.6

4.6

Boehm-Demers-Weiser Garbace Collector (libgc) 4.7

4.7

Boehm-Demers-Weiser Garbace Collector (libgc) 4.8

4.8

Boehm-Demers-Weiser Garbace Collector (libgc) 4.9

4.9

Boehm-Demers-Weiser Garbace Collector (libgc) 4.10

4.10

Boehm-Demers-Weiser Garbace Collector (libgc) 4.11

4.11

Boehm-Demers-Weiser Garbace Collector (libgc) 4.12

4.12

Boehm-Demers-Weiser Garbace Collector (libgc) 4.13

4.13

Boehm-Demers-Weiser Garbace Collector (libgc) 4.14

4.14

Boehm-Demers-Weiser Garbace Collector (libgc) 4.14 alpha 1

4.14

Boehm-Demers-Weiser Garbace Collector (libgc) 4.14 alpha 2

4.14

Boehm-Demers-Weiser Garbace Collector (libgc) 5.0

5.0

Boehm-Demers-Weiser Garbace Collector (libgc) 5.0 alpha 1

5.0

Boehm-Demers-Weiser Garbace Collector (libgc) 5.0 alpha 2

5.0

Boehm-Demers-Weiser Garbace Collector (libgc) 5.0 alpha 3

5.0

Boehm-Demers-Weiser Garbace Collector (libgc) 5.0 alpha 4

5.0

Boehm-Demers-Weiser Garbace Collector (libgc) 5.0 alpha 6

5.0

Boehm-Demers-Weiser Garbace Collector (libgc) 5.0 alpha 7

5.0

Boehm-Demers-Weiser Garbace Collector (libgc) 5.1

5.1

Boehm-Demers-Weiser Garbace Collector (libgc) 5.2

5.2

Boehm-Demers-Weiser Garbace Collector (libgc) 5.3

5.3

Boehm-Demers-Weiser Garbace Collector (libgc) 5.4

5.4

Boehm-Demers-Weiser Garbace Collector (libgc) 6.0

6.0

Boehm-Demers-Weiser Garbace Collector (libgc) 6.0 alpha 1

6.0

Boehm-Demers-Weiser Garbace Collector (libgc) 6.0 alpha 2

6.0

Boehm-Demers-Weiser Garbace Collector (libgc) 6.0 alpha 3

6.0

Boehm-Demers-Weiser Garbace Collector (libgc) 6.0 alpha 4

6.0

Boehm-Demers-Weiser Garbace Collector (libgc) 6.0 alpha 5

6.0

Boehm-Demers-Weiser Garbace Collector (libgc) 6.0 alpha 6

6.0

Boehm-Demers-Weiser Garbace Collector (libgc) 6.0 alpha 7

6.0

Boehm-Demers-Weiser Garbace Collector (libgc) 6.0 alpha 8

6.0

Boehm-Demers-Weiser Garbace Collector (libgc) 6.0 alpha 9

6.0

Boehm-Demers-Weiser Garbace Collector (libgc) 6.1

6.1

Boehm-Demers-Weiser Garbace Collector (libgc) 6.1 alpha 1

6.1

Boehm-Demers-Weiser Garbace Collector (libgc) 6.1 alpha 2

6.1

Boehm-Demers-Weiser Garbace Collector (libgc) 6.1 alpha 3

6.1

Boehm-Demers-Weiser Garbace Collector (libgc) 6.1 alpha 4

6.1

Boehm-Demers-Weiser Garbace Collector (libgc) 6.1 alpha 5

6.1

Boehm-Demers-Weiser Garbace Collector (libgc) 6.2

6.2

Boehm-Demers-Weiser Garbace Collector (libgc) 6.2 alpha 1

6.2

Boehm-Demers-Weiser Garbace Collector (libgc) 6.2 alpha 2

6.2

Boehm-Demers-Weiser Garbace Collector (libgc) 6.2 alpha 3

6.2

Boehm-Demers-Weiser Garbace Collector (libgc) 6.2 alpha 4

6.2

Boehm-Demers-Weiser Garbace Collector (libgc) 6.2 alpha 5

6.2

Boehm-Demers-Weiser Garbace Collector (libgc) 6.2 alpha 6

6.2

Boehm-Demers-Weiser Garbace Collector (libgc) 6.3

6.3

Boehm-Demers-Weiser Garbace Collector (libgc) 6.3 alpha 1

6.3

Boehm-Demers-Weiser Garbace Collector (libgc) 6.3 alpha 2

6.3

Boehm-Demers-Weiser Garbace Collector (libgc) 6.3 alpha 3

6.3

Boehm-Demers-Weiser Garbace Collector (libgc) 6.3 alpha 4

6.3

Boehm-Demers-Weiser Garbace Collector (libgc) 6.3 alpha 5

6.3

Boehm-Demers-Weiser Garbace Collector (libgc) 6.3 alpha 6

6.3

Boehm-Demers-Weiser Garbace Collector (libgc) 6.4

6.4

Boehm-Demers-Weiser Garbace Collector (libgc) 6.5

6.5

Boehm-Demers-Weiser Garbace Collector (libgc) 6.6

6.6

Boehm-Demers-Weiser Garbace Collector (libgc) 6.7

6.7

Boehm-Demers-Weiser Garbace Collector (libgc) 6.8

6.8

Boehm-Demers-Weiser Garbace Collector (libgc) 6.9

6.9

Boehm-Demers-Weiser Garbace Collector (libgc) 7.0

7.0

Boehm-Demers-Weiser Garbace Collector (libgc) 7.0 alpha 1

7.0

Boehm-Demers-Weiser Garbace Collector (libgc) 7.0 alpha 2

7.0

Boehm-Demers-Weiser Garbace Collector (libgc) 7.0 alpha 3

7.0

Boehm-Demers-Weiser Garbace Collector (libgc) 7.0 alpha 4

7.0

Boehm-Demers-Weiser Garbace Collector (libgc) 7.0 alpha 5

7.0

Boehm-Demers-Weiser Garbace Collector (libgc) 7.0 alpha 7

7.0

Boehm-Demers-Weiser Garbace Collector (libgc) 7.0 alpha 9

7.0

Boehm-Demers-Weiser Garbace Collector (libgc) 7.1

7.1

Boehm-Demers-Weiser Garbace Collector (libgc) 7.1 alpha 2

7.1

Boehm-Demers-Weiser Garbace Collector (libgc) 7.2 alpha 2

7.2

Boehm-Demers-Weiser Garbace Collector (libgc) 7.2 alpha 4

7.2

References

http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/

FEDORA-2012-9556

FEDORA-2012-9637

RHSA-2013:1500

RHSA-2014:0149

RHSA-2014:0150

MDVSA-2012:158

[oss-security] 20120605 memory allocator upstream patches

[oss-security] 20120607 Re: memory allocator upstream patches

54227

USN-1546-1

https://github.com/ivmai/bdwgc/blob/master/ChangeLog

https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3

Exploit, Patch

https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb

Exploit, Patch

https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1

Patch

https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.