CVE-2013-4357 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Affected Products (NVD)

Vendor	Product	Version
eglibc	eglibc	𝑥 < 2.14
novell	suse_linux_enterprise_server	11.0:sp2
debian	debian_linux	6.0
debian	debian_linux	7.0
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

eglibc

lucid	Fixed 2.11.1-0ubuntu7.14 released
precise	not-affected
quantal	not-affected
raring	not-affected
saucy	not-affected
trusty	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html

http://www.openwall.com/lists/oss-security/2013/09/17/4

http://www.openwall.com/lists/oss-security/2013/09/17/8

http://www.openwall.com/lists/oss-security/2015/01/28/18

http://www.openwall.com/lists/oss-security/2015/01/29/21

http://www.openwall.com/lists/oss-security/2015/02/24/3

http://www.securityfocus.com/bid/67992

http://www.ubuntu.com/usn/USN-2306-1

http://www.ubuntu.com/usn/USN-2306-2

http://www.ubuntu.com/usn/USN-2306-3

https://access.redhat.com/security/cve/cve-2013-4357

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357

https://exchange.xforce.ibmcloud.com/vulnerabilities/95103

https://security-tracker.debian.org/tracker/CVE-2013-4357

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html

http://www.openwall.com/lists/oss-security/2013/09/17/4

http://www.openwall.com/lists/oss-security/2013/09/17/8

http://www.openwall.com/lists/oss-security/2015/01/28/18

http://www.openwall.com/lists/oss-security/2015/01/29/21

http://www.openwall.com/lists/oss-security/2015/02/24/3

http://www.securityfocus.com/bid/67992

http://www.ubuntu.com/usn/USN-2306-1

http://www.ubuntu.com/usn/USN-2306-2

http://www.ubuntu.com/usn/USN-2306-3

https://access.redhat.com/security/cve/cve-2013-4357

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357

https://exchange.xforce.ibmcloud.com/vulnerabilities/95103

https://security-tracker.debian.org/tracker/CVE-2013-4357