CVE-2012-2673

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
boehm-demers-weisergarbage_collector
𝑥
≤ 7.2
boehm-demers-weisergarbage_collector
1.3
boehm-demers-weisergarbage_collector
1.4
boehm-demers-weisergarbage_collector
1.5
boehm-demers-weisergarbage_collector
1.8
boehm-demers-weisergarbage_collector
1.9
boehm-demers-weisergarbage_collector
2.0
boehm-demers-weisergarbage_collector
2.1
boehm-demers-weisergarbage_collector
2.2
boehm-demers-weisergarbage_collector
2.3
boehm-demers-weisergarbage_collector
2.4
boehm-demers-weisergarbage_collector
3.0
boehm-demers-weisergarbage_collector
3.1
boehm-demers-weisergarbage_collector
3.2
boehm-demers-weisergarbage_collector
3.3
boehm-demers-weisergarbage_collector
3.4
boehm-demers-weisergarbage_collector
3.5
boehm-demers-weisergarbage_collector
3.6
boehm-demers-weisergarbage_collector
3.7
boehm-demers-weisergarbage_collector
4.0
boehm-demers-weisergarbage_collector
4.1
boehm-demers-weisergarbage_collector
4.2
boehm-demers-weisergarbage_collector
4.3
boehm-demers-weisergarbage_collector
4.4
boehm-demers-weisergarbage_collector
4.5
boehm-demers-weisergarbage_collector
4.6
boehm-demers-weisergarbage_collector
4.7
boehm-demers-weisergarbage_collector
4.8
boehm-demers-weisergarbage_collector
4.9
boehm-demers-weisergarbage_collector
4.10
boehm-demers-weisergarbage_collector
4.11
boehm-demers-weisergarbage_collector
4.12
boehm-demers-weisergarbage_collector
4.13
boehm-demers-weisergarbage_collector
4.14
boehm-demers-weisergarbage_collector
4.14:alpha1
boehm-demers-weisergarbage_collector
4.14:alpha2
boehm-demers-weisergarbage_collector
5.0
boehm-demers-weisergarbage_collector
5.0:alpha1
boehm-demers-weisergarbage_collector
5.0:alpha2
boehm-demers-weisergarbage_collector
5.0:alpha3
boehm-demers-weisergarbage_collector
5.0:alpha4
boehm-demers-weisergarbage_collector
5.0:alpha6
boehm-demers-weisergarbage_collector
5.0:alpha7
boehm-demers-weisergarbage_collector
5.1
boehm-demers-weisergarbage_collector
5.2
boehm-demers-weisergarbage_collector
5.3
boehm-demers-weisergarbage_collector
5.4
boehm-demers-weisergarbage_collector
6.0
boehm-demers-weisergarbage_collector
6.0:alpha1
boehm-demers-weisergarbage_collector
6.0:alpha2
boehm-demers-weisergarbage_collector
6.0:alpha3
boehm-demers-weisergarbage_collector
6.0:alpha4
boehm-demers-weisergarbage_collector
6.0:alpha5
boehm-demers-weisergarbage_collector
6.0:alpha6
boehm-demers-weisergarbage_collector
6.0:alpha7
boehm-demers-weisergarbage_collector
6.0:alpha8
boehm-demers-weisergarbage_collector
6.0:alpha9
boehm-demers-weisergarbage_collector
6.1
boehm-demers-weisergarbage_collector
6.1:alpha1
boehm-demers-weisergarbage_collector
6.1:alpha2
boehm-demers-weisergarbage_collector
6.1:alpha3
boehm-demers-weisergarbage_collector
6.1:alpha4
boehm-demers-weisergarbage_collector
6.1:alpha5
boehm-demers-weisergarbage_collector
6.2
boehm-demers-weisergarbage_collector
6.2:alpha1
boehm-demers-weisergarbage_collector
6.2:alpha2
boehm-demers-weisergarbage_collector
6.2:alpha3
boehm-demers-weisergarbage_collector
6.2:alpha4
boehm-demers-weisergarbage_collector
6.2:alpha5
boehm-demers-weisergarbage_collector
6.2:alpha6
boehm-demers-weisergarbage_collector
6.3
boehm-demers-weisergarbage_collector
6.3:alpha1
boehm-demers-weisergarbage_collector
6.3:alpha2
boehm-demers-weisergarbage_collector
6.3:alpha3
boehm-demers-weisergarbage_collector
6.3:alpha4
boehm-demers-weisergarbage_collector
6.3:alpha5
boehm-demers-weisergarbage_collector
6.3:alpha6
boehm-demers-weisergarbage_collector
6.4
boehm-demers-weisergarbage_collector
6.5
boehm-demers-weisergarbage_collector
6.6
boehm-demers-weisergarbage_collector
6.7
boehm-demers-weisergarbage_collector
6.8
boehm-demers-weisergarbage_collector
6.9
boehm-demers-weisergarbage_collector
7.0
boehm-demers-weisergarbage_collector
7.0:alpha1
boehm-demers-weisergarbage_collector
7.0:alpha2
boehm-demers-weisergarbage_collector
7.0:alpha3
boehm-demers-weisergarbage_collector
7.0:alpha4
boehm-demers-weisergarbage_collector
7.0:alpha5
boehm-demers-weisergarbage_collector
7.0:alpha7
boehm-demers-weisergarbage_collector
7.0:alpha9
boehm-demers-weisergarbage_collector
7.1
boehm-demers-weisergarbage_collector
7.1:alpha2
boehm-demers-weisergarbage_collector
7.2:alpha2
boehm-demers-weisergarbage_collector
7.2:alpha4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgc
bullseye
1:8.0.4-3
fixed
bookworm
1:8.2.2-3
fixed
sid
1:8.2.8-1
fixed
trixie
1:8.2.8-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgc
precise
Fixed 1:7.1-8ubuntu0.12.04.1
released
oneiric
Fixed 1:7.1-8ubuntu0.11.10.1
released
natty
Fixed 1:6.8-1.2ubuntu3.2
released
lucid
Fixed 1:6.8-1.2ubuntu1.1
released
hardy
Fixed 1:6.8-1.1ubuntu0.1
released
Common Weakness Enumeration
References
http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082926.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082988.html
http://rhn.redhat.com/errata/RHSA-2013-1500.html
http://rhn.redhat.com/errata/RHSA-2014-0149.html
http://rhn.redhat.com/errata/RHSA-2014-0150.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:158
http://www.openwall.com/lists/oss-security/2012/06/05/1
http://www.openwall.com/lists/oss-security/2012/06/07/13
http://www.securityfocus.com/bid/54227
http://www.ubuntu.com/usn/USN-1546-1
https://github.com/ivmai/bdwgc/blob/master/ChangeLog
https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3
https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb
https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1
https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a
http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082926.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082988.html
http://rhn.redhat.com/errata/RHSA-2013-1500.html
http://rhn.redhat.com/errata/RHSA-2014-0149.html
http://rhn.redhat.com/errata/RHSA-2014-0150.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:158
http://www.openwall.com/lists/oss-security/2012/06/05/1
http://www.openwall.com/lists/oss-security/2012/06/07/13
http://www.securityfocus.com/bid/54227
http://www.ubuntu.com/usn/USN-1546-1
https://github.com/ivmai/bdwgc/blob/master/ChangeLog
https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3
https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb
https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1
https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a