CVE-2011-1006 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libcgroup

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow6 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 67.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libcgroup Project Libcgroup Debian Libcgroup Balbir Singh Libcgroup

Timeline

PublishedMar 22

Latest updateMay 17

Description

Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/libcgroup< libcgroup 0.37.1-1 (bookworm)

▶Debianlibcgroup_project/libcgroup< 0.37.1-1+3

▶NVDbalbir_singh/libcgroup0.37+16

Patches

Patch: sourceforge.net ↗Patch: bugzilla.redhat.com ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-9wjp-w6p5-52xw: Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common↗2022-05-17

▶

OSV

CVE-2011-1006: Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common↗2011-03-22

▶

📋Vendor Advisories

Red Hat

libcgroup: Heap-based buffer overflow by converting list of controllers for given task into an array of strings↗2011-03-03

▶

Debian

CVE-2011-1006: libcgroup - Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-comm...↗2011

▶

💬Community

Bugzilla

CVE-2011-1006 libcgroup: Heap-based buffer overflow by converting list of controllers for given task into an array of strings↗2011-02-16

▶