CVE-2012-2673 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libgc

CWE-1897 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.7%

top 17.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libgc Boehm-demers-weiser Garbage Collector

Timeline

PublishedJul 25

Latest updateMay 17

Description

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDboehm-demers-weiser/garbage_collector7.2+51

▶debiandebian/libgc< libgc 1:7.1-9 (bookworm)

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-779g-vf77-jgjv: Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc↗2022-05-17

▶

OSV

CVE-2012-2673: Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc↗2012-07-25

▶

📋Vendor Advisories

Ubuntu

libgc vulnerability↗2012-08-28

▶

Red Hat

gc: malloc() and calloc() overflows↗2012-06-05

▶

Debian

CVE-2012-2673: libgc - Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions...↗2012

▶

💬Community

Bugzilla

CVE-2012-2673 gc: malloc() and calloc() overflows↗2012-06-05

▶