CVE-2013-0220

CWE-119Buffer OverflowCWE-125Out-of-bounds Read11 documents7 sources
Severity
5.0MEDIUM
EPSS
1.9%
top 16.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fedoraproject Sssd
Timeline
PublishedFeb 24
Latest updateMay 5

Description

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiansssd< 1.8.4-2+3
NVDfedoraproject/sssd1.9.3+72

🔴Vulnerability Details

3
GHSA
GHSA-jj7g-h828-6wpv: The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd2022-05-05
OSV
CVE-2013-0220: The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd2013-02-24
CVEList
CVE-2013-0220: The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd2013-02-24

📋Vendor Advisories

2
Red Hat
sssd: Out-of-bounds read flaws in autofs and ssh services responders2013-01-23
Debian
CVE-2013-0220: sssd - The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname fun...2013

💬Community

5
Bugzilla
CVE-2013-0220 CVE-2013-0219 sssd various flaws [fedora-all]2013-01-23
Bugzilla
CVE-2012-6073 Jenkins: open redirect2012-12-28
Bugzilla
CVE-2012-6074 Jenkins: cross-site scripting vulnerability2012-12-28
Bugzilla
CVE-2012-5658 OpenShift Origin: rhc-chk.rb password exposure in log files2012-12-20
Bugzilla
CVE-2013-0220 sssd: Out-of-bounds read flaws in autofs and ssh services responders2012-12-06