Published: 09/10/2013 Updated: 13/02/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and previous versions allows context-dependent malicious users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc 2.1.2
gnu glibc 2.11
gnu glibc 2.0.5
gnu glibc 2.0.6
gnu glibc 2.10.1
gnu glibc 2.1.1
gnu glibc 2.17
gnu glibc 2.14
gnu glibc 2.0.3
gnu glibc 2.0
gnu glibc 2.13
gnu glibc 2.1.1.6
gnu glibc 2.1
gnu glibc 2.1.9
gnu glibc 2.12.1
gnu glibc 2.0.1
gnu glibc
gnu glibc 2.14.1
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.0.2
gnu glibc 2.16
gnu glibc 2.11.3
gnu glibc 2.11.1
gnu glibc 2.1.3
gnu glibc 2.15
gnu glibc 2.12.2

Several security issues were fixed in the GNU C Library ...

Debian Bug report logs - #687530 eglibc: CVE-2012-4412: strcoll integer / buffer overflow Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 13 Sep 2012 14:21:01 UTC Severity: important Tags: patch, security Found in versions eglibc/2113-4, eglibc/217-93 Fix ...

Debian Bug report logs - #689423 eglibc: CVE-2012-4424: stack overflow in strcoll() Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 2 Oct 2012 13:12:01 UTC Severity: important Tags: patch, security Found in versions eglibc/2113-4, eglibc/217-93 Fixed in ...

Debian Bug report logs - #717178 CVE-2013-4788: PTR_MANGLE ineffective for statically linked binaries Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Wed, 17 Jul 2013 14:24:01 UTC Severity: important Tags: security Found in versions eglibc/2113-4, eglibc/217-9 ...

Debian Bug report logs - #722536 eglibc: CVE-2013-4332 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 12 Sep 2013 05:27:02 UTC Severity: grave Tags: patch, security Fixed in versions eglibc/217-93, eglibc/213-38+deb7u1 Done: Aurelien Jarno <aurel32@de ...

Debian Bug report logs - #719558 eglibc: CVE-2013-4237 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 13 Aug 2013 05:15:02 UTC Severity: important Tags: security Found in versions eglibc/2113-4, eglibc/217-93 Fixed in versions eglibc/217-94, eglibc/213 ...

Debian Bug report logs - #727181 eglibc: CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 23 Oct 2013 04:54:01 UTC Severity: important Tags: security, upstream Fixed in vers ...

An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow ...

CWE-119 https://bugzilla.redhat.com/show_bug.cgi?id=995839 http://www.openwall.com/lists/oss-security/2013/08/12/8 https://sourceware.org/bugzilla/show_bug.cgi?id=14699 http://secunia.com/advisories/55113 http://www.ubuntu.com/usn/USN-1991-1 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.securityfocus.com/bid/61729 https://security.gentoo.org/glsa/201503-04 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3 https://nvd.nist.gov https://usn.ubuntu.com/1991-1/https://access.redhat.com/security/cve/cve-2013-4237

Get Started

CVE-2013-4237

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect