CVE-2012-5667
published 2013-01-03

CVE-2012-5667: Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line…

Priority P429 | medium | 4.4 | CVSS 2.0
AV:L/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.02% (59.1th percentile)
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.

Affected

22 ranges
VendorProductVersion rangeFixed in
debiangrep< grep 2.11-1 (bookworm)grep 2.11-1 (bookworm)
gnugrep<= 2.10
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep
gnugrep>= 0 < 2.11-12.11-1
gnugrep>= 0 < 2.11-12.11-1
gnugrep>= 0 < 2.11-12.11-1
gnugrep>= 0 < 2.11-12.11-1

CVSS provenance

nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P
osv | 4.4 | MEDIUM
vendor_debian | 4.4 | LOW
vendor_redhat | 4.4 | MEDIUM