Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4620 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Plib

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

34.6%

top 2.99%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Plib Project Plib Debian Plib Steve J Baker Plib

Timeline

PublishedDec 31

Latest updateMay 17

Description

Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/plib< plib 1.8.5-5.1 (bookworm)

▶Debianplib_project/plib< 1.8.5-5.1+3

▶NVDsteve_j_baker/plib1.8.5

🔴Vulnerability Details

GHSA

GHSA-f88m-j96j-6cvj: Buffer overflow in the ulSetError function in util/ulError↗2022-05-17

▶

OSV

CVE-2011-4620: Buffer overflow in the ulSetError function in util/ulError↗2011-12-31

▶

💥Exploits & PoCs

Exploit-DB

TORCS 1.3.1 - acc Buffer Overflow↗2011-12-20

▶

📋Vendor Advisories

Debian

CVE-2011-4620: plib - Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as...↗2011

▶

💬Community

Bugzilla

CVE-2011-4620 plib ulSetError() buffer overflow [fedora-all]↗2012-01-03

▶

Bugzilla

CVE-2011-4620 plib ulSetError() buffer overflow↗2011-12-21

▶