CVE-2012-2106
Published 2014-02-04
CVE-2012-2106: Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via…
Priority P346 · critical 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
5.67%
92.0th percentile
Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| csounds | csound | — | — |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| debian | csound | < csound 1:5.17.6~dfsg-1 (bookworm) | csound 1:5.17.6~dfsg-1 (bookworm) |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
osv · 9.3 CRITICAL
vendor_debian · 9.3 CRITICAL
GHSA
GHSA-mm7x-gxc9-9wx5: Integer overflow in the pv_import function in util/pv_import
ghsa_unreviewed·2022-05-17
CVE-2012-2106 [HIGH] GHSA-mm7x-gxc9-9wx5: Integer overflow in the pv_import function in util/pv_import
OSV
CVE-2012-2106: Integer overflow in the pv_import function in util/pv_import
osv·2014-02-04·CVSS 9.3
CVE-2012-2106 [CRITICAL] CVE-2012-2106: Integer overflow in the pv_import function in util/pv_import
Debian
CVE-2012-2106: csound - Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6,...
vendor_debian·2012·CVSS 9.3
CVE-2012-2106 [CRITICAL] CVE-2012-2106: csound - Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6,...
Scope: local
bookworm: resolved (fixed in 1:5.17.6~dfsg-1)
bullseye: resolved (fixed in 1:5.17.6~dfsg-1)
forky: resolved (fixed in 1:5.17.6~dfsg-1)
sid: resolved (fixed in 1:5.17.6~dfsg-1)
trixie: resolved (fixed in 1:5.17.6~dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-4529 JBoss Web: jsessionid exposed via encoded url when using cookie based session tracking
bugzilla·2012-10-19·CVSS 4.3
CVE-2012-4529 [MEDIUM] CVE-2012-4529 JBoss Web: jsessionid exposed via encoded url when using cookie based session tracking
When the session tracking method is set to 'COOKIE' only, the org.apache.catalina.connector.Response.encodeURL() method will still return the url with the jsessionid appended as a query string parameter when processing the first request of a session. This is unexpected when sessions are only tracked using cookies. As a result, the jsessionid could be leaked in a way not anticipated by the application developer. An attacker could potentially exploit this using a man-in-the-middle attack, or extracting the jsessionid from log files.
A fix has been committed upstream on the 7.2.x branch as a commit for JBWEB-249 [1] and is committed as revision 2106 [2].
A possible mitigation for this would
Bugzilla
CVE-2012-2106 Csound: Integer overflow leading to buffer overflow in pv_import
bugzilla·2012-04-09·CVSS 9.3
CVE-2012-2106 [CRITICAL] CVE-2012-2106 Csound: Integer overflow leading to buffer overflow in pv_import
An integer overflow, leading to a heap-based buffer overflow, was found in the pv_import utility. If a specially crafted CSV file was opened by the pv_import utility, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running pv_import.
Reference:
http://secunia.com/secunia_research/2012-7/
Patch:
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=blobdiff;f=util/pv_import.c;h=4766dbff22510675a444dd242d432292893949c9;hp=811fccf0a04ec39964710fae509b601fdc330852;hb=7d617a9551fb6c552ba16874b71266fcd90f3a6f;hpb=5fbf93d9f6dc21b9e4e085b26b724ba73c2f1c01
and
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=7d617a9551fb6c552ba16874b71266fcd90f3a6f
http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html
http://secunia.com/advisories/48148
http://secunia.com/secunia_research/2012-7/
http://www.openwall.com/lists/oss-security/2012/04/16/1
http://www.openwall.com/lists/oss-security/2012/04/16/9
http://www.osvdb.org/81016
http://www.securityfocus.com/bid/52875
https://bugzilla.redhat.com/show_bug.cgi?id=810802
https://exchange.xforce.ibmcloud.com/vulnerabilities/74647
2014-02-04
Published