CVE-2011-5320 : scanf and related functions in glibc before 2.15 allow local users to cause a de

scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.

Published 2017-10-18 14:29:00

Updated 2017-11-08 17:05:29

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionDenial of service

Products affected by CVE-2011-5320

GNU » Glibc
Versions up to, including, (<=) 2.14.1
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.2	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.5	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0

sourceware.org Git - glibc.git/commitdiff
Issue Tracking
https://marc.info/?l=gimp-developer&m=129567990905823&w=2

'[Gimp-developer] scanfs without field width limits making Gimp crash' - MARC
Exploit
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0

sourceware.org Git - glibc.git/commitdiff
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1196745

1196745 – (CVE-2011-5320) CVE-2011-5320 glibc: scanf implementation crashes on certain inputs
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4

13138 – scanf crashes on very long numbers
Issue Tracking
http://www.openwall.com/lists/oss-security/2015/03/12/14

oss-security - Re: CVE request: glibc scanf implementation crashes on certain inputs
Third Party Advisory

Jump to