Computer Security
[EN] securityvulns.ru no-pyccku


sort, uniq, join utilities resources exhaustion
Published:24.03.2013
Source:
SecurityVulns ID:12967
Type:local
Threat Level:
4/10
Description:Resources exhaustion on oversized string.
Affected:GNU : coreutils 6.12
CVE:CVE-2013-0223 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.)
 CVE-2013-0222 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.)
 CVE-2013-0221 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:023 ] coreutils (24.03.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod