CVE-2012-3420

Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
sgiperformance_co-pilot
𝑥
≤ 3.6.4
sgiperformance_co-pilot
2.1.1
sgiperformance_co-pilot
2.1.2
sgiperformance_co-pilot
2.1.3
sgiperformance_co-pilot
2.1.4
sgiperformance_co-pilot
2.1.5
sgiperformance_co-pilot
2.1.6
sgiperformance_co-pilot
2.1.7
sgiperformance_co-pilot
2.1.8
sgiperformance_co-pilot
2.1.9
sgiperformance_co-pilot
2.1.10
sgiperformance_co-pilot
2.1.11
sgiperformance_co-pilot
2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pcp
bullseye
5.2.6-1
fixed
bookworm
6.0.3-1.1
fixed
sid
6.3.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pcp
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
natty
ignored
lucid
ignored
hardy
dne
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae
http://www.debian.org/security/2012/dsa-2533
http://www.openwall.com/lists/oss-security/2012/08/16/1
https://bugzilla.redhat.com/show_bug.cgi?id=841298
https://bugzilla.redhat.com/show_bug.cgi?id=841319
https://bugzilla.redhat.com/show_bug.cgi?id=841704
https://hermes.opensuse.org/messages/15471040
https://hermes.opensuse.org/messages/15540133
https://hermes.opensuse.org/messages/15540172
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae
http://www.debian.org/security/2012/dsa-2533
http://www.openwall.com/lists/oss-security/2012/08/16/1
https://bugzilla.redhat.com/show_bug.cgi?id=841298
https://bugzilla.redhat.com/show_bug.cgi?id=841319
https://bugzilla.redhat.com/show_bug.cgi?id=841704
https://hermes.opensuse.org/messages/15471040
https://hermes.opensuse.org/messages/15540133
https://hermes.opensuse.org/messages/15540172