Wind River Support Network

HomeDefectsLIN5-9564
Fixed

LIN5-9564 : Security Advisory - grep - CVE-2012-5667 - GPLv2

Created: May 9, 2013    Updated: Dec 19, 2017
Resolved Date: May 31, 2013
Previous ID: LIN4-20205
Found In Version: 5.0
Fix Version: 5.0.1.4
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667

Workaround

N/A

Steps to Reproduce

perl -e 'print "x"x(1073741824)' | LANG=c ./src/grep x > /dev/null

Other Downloads


Live chat
Online