CVE-2011-2702 in C Libraryinformation

Résumé (Anglaise)

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Réserver

11/07/2011

Divulgation

27/10/2014

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

IDVulnérabilitéCWEExpConCVE
4995GNU C Library Supplemental Streaming SIMD Extensions 3 memcpy élévation de privilèges94Preuve de conceptCorrectif officielCVE-2011-2702

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

PrécédentAperçuSuivant

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!