CVE-2013-4332

Severity

43%

Complexity

86%

Confidentiality

48%

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 11 years ago

2013-10-09 22:55:00

Last updated 7 years ago

2017-07-01 01:29:00

Affected Software

GNU glibc 2.0

2.0

GNU glibc 2.0.1

2.0.1

GNU glibc 2.0.2

2.0.2

GNU glibc 2.0.3

2.0.3

GNU glibc 2.0.4

2.0.4

GNU glibc 2.0.5

2.0.5

GNU glibc 2.0.6

2.0.6

GNU glibc 2.1

2.1

GNU glibc 2.1.1

2.1.1

GNU glibc 2.1.1.6

2.1.1.6

GNU glibc 2.1.2

2.1.2

GNU glibc 2.1.3

2.1.3

GNU glibc 2.1.9

2.1.9

GNU glibc 2.10.1

2.10.1

GNU glibc 2.11

2.11

GNU glibc 2.11.1

2.11.1

GNU glibc 2.11.2

2.11.2

GNU glibc 2.11.3

2.11.3

GNU glibc 2.12.1

2.12.1

GNU glibc 2.12.2

2.12.2

GNU glibc 2.13

2.13

GNU glibc 2.14

2.14

GNU glibc 2.14.1

2.14.1

GNU glibc 2.15

2.15

GNU glibc 2.16

2.16

GNU glibc 2.17

2.17

GNU glibc

Red Hat Enterprise Linux 5

5

References

RHSA-2013:1411

RHSA-2013:1605

55113

MDVSA-2013:283

MDVSA-2013:284

[oss-security] 20130912 Re: CVE Request: Three integer overflows in glibc memory allocator

Patch

62324

USN-1991-1

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332

GLSA-201503-04

https://sourceware.org/bugzilla/show_bug.cgi?id=15855

Exploit

https://sourceware.org/bugzilla/show_bug.cgi?id=15856

https://sourceware.org/bugzilla/show_bug.cgi?id=15857