CVE-2011-3149Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux-pam

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-835Infinite Loop9 documents7 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 80.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
PAMDebian PAMLinux-pam
Timeline
PublishedJul 22
Latest updateMay 14

Description

The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

NVDlinux-pam/linux-pam1.1.4+25
debiandebian/pam< pam 1.1.3-5 (bookworm)
Debianpam/pam< 1.1.3-5+3

🔴Vulnerability Details

2
GHSA
GHSA-5wc7-486v-w943: The _expand_arg function in the pam_env module (modules/pam_env/pam_env2022-05-14
OSV
CVE-2011-3149: The _expand_arg function in the pam_env module (modules/pam_env/pam_env2012-07-22

📋Vendor Advisories

3
Red Hat
(pam_env): Infinite loop by expanding certain arguments2011-10-24
Ubuntu
PAM vulnerabilities2011-10-24
Debian
CVE-2011-3149: pam - The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Li...2011

💬Community

3
Bugzilla
CVE-2011-3149 pam (pam_env): Infinite loop by expanding certain arguments [fedora-all]2011-10-25
Bugzilla
CVE-2011-3149 pam (pam_env): Infinite loop by expanding certain arguments2011-10-17
Bugzilla
CVE-2011-3148 pam (pam_env): Stack-based buffer overflow by parsing user's pam_environment file2011-10-17
CVE-2011-3149 — Linux-pam vulnerability | cvebase