1007545 – (CVE-2013-4332) CVE-2013-4332 glibc: three integer overflows in memory allocator

Bug 1007545 (CVE-2013-4332) - CVE-2013-4332 glibc: three integer overflows in memory allocator

Summary: CVE-2013-4332 glibc: three integer overflows in memory allocator

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2013-4332
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1008298 1008299 1008310 1011804 1011805
Blocks:	974906 1007547
TreeView+	depends on / blocked

Reported:	2013-09-12 18:06 UTC by Vincent Danen
Modified:	2019-09-29 13:08 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Clone Of:
Environment:
Last Closed:	2013-11-22 06:06:25 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:1411	0	normal	SHIPPED_LIVE	Moderate: glibc security and bug fix update	2013-10-08 20:22:13 UTC
Red Hat Product Errata	RHSA-2013:1605	0	normal	SHIPPED_LIVE	Moderate: glibc security, bug fix, and enhancement update	2013-11-20 21:54:09 UTC

Description Vincent Danen 2013-09-12 18:06:03 UTC

Will Newton reported [1] three integer overflow flaws in the glibc memory allocator functions: pvalloc [2],[3], valloc [4],[5], and posix_memalign/memalign/assigned_alloc [6],[7].  These issues cause a large allocation size to wrap around and cause a wrong sized allocation and heap corruption.


[1] http://www.openwall.com/lists/oss-security/2013/09/11/2
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=15855
[3] http://sourceware.org/git/?p=glibc.git;a=commit;h=1159a193696ad48ec86e5895f6dee3e539619c0e
[4] https://sourceware.org/bugzilla/show_bug.cgi?id=15856
[5] http://sourceware.org/git/?p=glibc.git;a=commit;h=55e17aadc1ef17a1df9626fb0e9fba290ece3331
[6] https://sourceware.org/bugzilla/show_bug.cgi?id=15857
[7] http://sourceware.org/git/?p=glibc.git;a=commit;h=b73ed247781d533628b681f57257dc85882645d3

Comment 2 Huzaifa S. Sidhpurwala 2013-09-16 06:06:23 UTC

Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1008299]

Comment 4 Carlos O'Donell 2013-09-17 20:07:30 UTC

The glibc team is aware of this bug and will be backporting the upstream fixes.

Comment 7 Fedora Update System 2013-09-26 06:12:42 UTC

glibc-2.18-9.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2013-09-28 00:06:46 UTC

glibc-2.17-18.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 errata-xmlrpc 2013-10-08 16:24:45 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1411 https://rhn.redhat.com/errata/RHSA-2013-1411.html

Comment 10 errata-xmlrpc 2013-11-21 11:03:38 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1605 https://rhn.redhat.com/errata/RHSA-2013-1605.html

Note You need to log in before you can comment on or make changes to this bug.