Vulnerability Details: CVE-2013-0242
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Products affected by CVE-2013-0242
- cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0242
- 2.67%: Probability of exploitation activity in the next 30 days
- ~ 84 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-0242
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2013-0242
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0242
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81707
  glibc extend_buffers() denial of service CVE-2013-0242 Vulnerability Report
- http://www.ubuntu.com/usn/USN-1991-1
  USN-1991-1: GNU C Library vulnerabilities | Ubuntu security notices
- http://secunia.com/advisories/55113
- http://sourceware.org/bugzilla/show_bug.cgi?id=15078
  15078 – (CVE-2013-0242) regex crash on myanmar script (CVE-2013-0242) [Patch]
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
  VMSA-2014-0008.2
- https://security.gentoo.org/glsa/201503-04
  GNU C Library: Multiple vulnerabilities (GLSA 201503-04) — Gentoo security
- http://www.securitytracker.com/id/1028063
  Glibc Regex Bug Lets Remote or Local Users Deny Service - SecurityTracker
- http://sourceware.org/ml/libc-alpha/2013-01/msg00967.html
  Andreas Schwab - [PATCH] Fix buffer overrun in regexp matcher
- http://rhn.redhat.com/errata/RHSA-2013-0769.html
  RHSA-2013:0769 - Security Advisory - Red Hat Customer Portal
- http://www.openwall.com/lists/oss-security/2013/01/30/5
  oss-security - Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters
- http://osvdb.org/89747
- http://rhn.redhat.com/errata/RHSA-2013-1605.html
  RHSA-2013:1605 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/57638
  GNU glibc 'regexec.c' Buffer Overflow Vulnerability
- http://secunia.com/advisories/51951
  [Vendor Advisory]
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:163
  mandriva.com