Bug 1007545 (CVE-2013-4332) - CVE-2013-4332 glibc: three integer overflows in memory allocator
Summary: CVE-2013-4332 glibc: three integer overflows in memory allocator
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-4332
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1008298 1008299 1008310 1011804 1011805
Blocks: 974906 1007547
TreeView+ depends on / blocked
 
Reported: 2013-09-12 18:06 UTC by Vincent Danen
Modified: 2019-09-29 13:08 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Clone Of:
Environment:
Last Closed: 2013-11-22 06:06:25 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:1411 0 normal SHIPPED_LIVE Moderate: glibc security and bug fix update 2013-10-08 20:22:13 UTC
Red Hat Product Errata RHSA-2013:1605 0 normal SHIPPED_LIVE Moderate: glibc security, bug fix, and enhancement update 2013-11-20 21:54:09 UTC

Description Vincent Danen 2013-09-12 18:06:03 UTC 
Will Newton reported [1] three integer overflow flaws in the glibc memory allocator functions: pvalloc [2],[3], valloc [4],[5], and posix_memalign/memalign/assigned_alloc [6],[7].  These issues cause a large allocation size to wrap around and cause a wrong sized allocation and heap corruption.


[1] http://www.openwall.com/lists/oss-security/2013/09/11/2
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=15855
[3] http://sourceware.org/git/?p=glibc.git;a=commit;h=1159a193696ad48ec86e5895f6dee3e539619c0e
[4] https://sourceware.org/bugzilla/show_bug.cgi?id=15856
[5] http://sourceware.org/git/?p=glibc.git;a=commit;h=55e17aadc1ef17a1df9626fb0e9fba290ece3331
[6] https://sourceware.org/bugzilla/show_bug.cgi?id=15857
[7] http://sourceware.org/git/?p=glibc.git;a=commit;h=b73ed247781d533628b681f57257dc85882645d3
Comment 2 Huzaifa S. Sidhpurwala 2013-09-16 06:06:23 UTC 
Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1008299]
Comment 4 Carlos O'Donell 2013-09-17 20:07:30 UTC 
The glibc team is aware of this bug and will be backporting the upstream fixes.
Comment 7 Fedora Update System 2013-09-26 06:12:42 UTC 
glibc-2.18-9.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-09-28 00:06:46 UTC 
glibc-2.17-18.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 errata-xmlrpc 2013-10-08 16:24:45 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1411 https://rhn.redhat.com/errata/RHSA-2013-1411.html
Comment 10 errata-xmlrpc 2013-11-21 11:03:38 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1605 https://rhn.redhat.com/errata/RHSA-2013-1605.html
Note You need to log in before you can comment on or make changes to this bug.