CVE-2012-5667
published 2013-01-03CVE-2012-5667: Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line…
PriorityP429medium4.4CVSS 2.0
AVLACMAuNCPIPAP
EXPLOIT
EPSS
1.02%
59.1th percentile
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | grep | < grep 2.11-1 (bookworm) | grep 2.11-1 (bookworm) |
| gnu | grep | <= 2.10 | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | — | — |
| gnu | grep | >= 0 < 2.11-1 | 2.11-1 |
| gnu | grep | >= 0 < 2.11-1 | 2.11-1 |
| gnu | grep | >= 0 < 2.11-1 | 2.11-1 |
| gnu | grep | >= 0 < 2.11-1 | 2.11-1 |
CVSS provenance
nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv4.4MEDIUM
vendor_debian4.4LOW
vendor_redhat4.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ww72-x43x-r55q: Multiple integer overflows in GNU Grep before 2
ghsa_unreviewed·2022-05-17
CVE-2012-5667 [MEDIUM] GHSA-ww72-x43x-r55q: Multiple integer overflows in GNU Grep before 2
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
OSV
CVE-2012-5667: Multiple integer overflows in GNU Grep before 2
osv·2013-01-03·CVSS 4.4
CVE-2012-5667 [MEDIUM] CVE-2012-5667: Multiple integer overflows in GNU Grep before 2
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
Red Hat
grep: Integer overflow leading to heap-based buffer-overflow when reading large lines
vendor_redhat·2012-12-22·CVSS 4.4
CVE-2012-5667 [MEDIUM] CWE-190 grep: Integer overflow leading to heap-based buffer-overflow when reading large lines
grep: Integer overflow leading to heap-based buffer-overflow when reading large lines
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep.
Statement: This issue did not affect the version of grep as shipped with Red Hat Enterprise Linux 5.
Package: grep (Red Hat Enterprise Linux 5) - Not affected
Package: grep (Red Hat E
Debian
CVE-2012-5667: grep - Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent...
vendor_debian·2012·CVSS 4.4
CVE-2012-5667 [MEDIUM] CVE-2012-5667: grep - Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent...
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 2.11-1)
bullseye: resolved (fixed in 2.11-1)
forky: resolved (fixed in 2.11-1)
sid: resolved (fixed in 2.11-1)
trixie: resolved (fixed in 2.11-1)
No detection rules found.
http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.htmlhttp://openwall.com/lists/oss-security/2012/12/22/6http://rhn.redhat.com/errata/RHSA-2015-1447.htmlhttp://www.securityfocus.com/bid/57033https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473https://bugzilla.redhat.com/show_bug.cgi?id=889935http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.htmlhttp://openwall.com/lists/oss-security/2012/12/22/6http://rhn.redhat.com/errata/RHSA-2015-1447.htmlhttp://www.securityfocus.com/bid/57033https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473https://bugzilla.redhat.com/show_bug.cgi?id=889935
2013-01-03
Published