CVE-2012-3509

{"id": "CVE-2012-3509", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-09-05T23:55:01.727", "references": [{"url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security-tracker.debian.org/tracker/CVE-2012-3509", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/08/29/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/55281", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-2496-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78135", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the \"addition of CHUNK_HEADER_SIZE to the length,\" which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Varias vulnerabilidades de desbordamiento de enteros en la funci\u00f3n _objalloc_alloc (1) en objalloc.c y (2) macro objalloc_alloc en include/objalloc.h en GNU libiberty, utilizada por binutils v2.22, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores relacionada con la \"adici\u00f3n de CHUNK_HEADER_SIZE a la longitud\", lo que provoca un desbordamiento de b\u00fafer basado en heap"}], "lastModified": "2017-08-29T01:31:56.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:2.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFDCD233-FAD7-48CE-9316-1EBA65AC2BEC"}, {"criteria": "cpe:2.3:a:gnu:libiberty:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3F885E6-F235-40D1-96BF-D9916E898699"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}