CVE-2013-1773
Published 2013-02-28
Priority P4 · 28 · medium · 6.2 (CVSS 2.0)
AV:L/AC:H/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.04% (59.7th percentile)
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
Affected
96 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 3.2.15-1 (bookworm) | linux 3.2.15-1 (bookworm) |
| linux | linux_kernel | <= 3.3 | — |
| linux | linux_kernel | — | — |
CVSS provenance
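| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.2 | MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C |
| osv | — | 6.2 | MEDIUM | — |
| vendor_debian | — | 6.2 | MEDIUM | — |
| vendor_redhat | — | 6.2 | MEDIUM | — |
| vendor_ubuntu | — | 6.2 | MEDIUM | — |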
GHSA
GHSA-wrp6-2w63-vpc4: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3
ghsa_unreviewed·2022-05-13
CVE-2013-1773 [MEDIUM] CWE-119 GHSA-wrp6-2w63-vpc4: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3
OSV
CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3
osv·2013-02-28·CVSS 6.2
CVE-2013-1773 [MEDIUM] CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3
Ubuntu
Linux kernel (EC2) vulnerabilities
vendor_ubuntu·2013-03-22·CVSS 6.2
CVE-2013-1773 [MEDIUM] Linux kernel (EC2) vulnerabilities
Title: Linux kernel (EC2) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)
A flaw was discovered in the Linux kernel's handling of memory ranges with
PROT_NONE when transparent hugepages are in use. An unprivileged local user
could exploit this flaw to cause a denial of service (crash the system).
(CVE-2013-0309)
A flaw was discovered on the Linux kernel's VFAT filesystem driver when a
disk is mounted with the utf8 option (this is the default on Ubuntu). On a
system where disks/images can be auto-mounted or a FAT filesystem is
mounted an unpr
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2013-03-22·CVSS 6.2
CVE-2013-0228 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS privilege. (CVE-2013-0228)
A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)
A flaw was discovered in the Linux kernel's vhost driver used to accelerate
guest networking in KVM based virtual machines. A privileged guest user
could exploit this flaw to crash the host s
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2013-03-22·CVSS 6.2
CVE-2013-0268 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)
A flaw was discovered in the Linux kernel's handling of memory ranges with
PROT_NONE when transparent hugepages are in use. An unprivileged local user
could exploit this flaw to cause a denial of service (crash the system).
(CVE-2013-0309)
A flaw was discovered on the Linux kernel's VFAT filesystem driver when a
disk is mounted with the utf8 option (this is the default on Ubuntu). On a
system where disks/images can be auto-mounted or a FAT filesystem is
mounted an unprivileg
Ubuntu
Linux kernel (Oneiric backport) vulnerabilities
vendor_ubuntu·2013-03-12·CVSS 5.2
CVE-2013-0216 [MEDIUM] Linux kernel (Oneiric backport) vulnerabilities
Title: Linux kernel (Oneiric backport) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.
(CVE-2013-0216)
A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS priv
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2013-03-06·CVSS 5.2
CVE-2013-0216 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.
(CVE-2013-0216)
A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS privilege. (CVE-2013-02
Debian
CVE-2013-1773: linux - Buffer overflow in the VFAT filesystem implementation in the Linux kernel before...
vendor_debian·2013·CVSS 6.2
CVE-2013-1773 [MEDIUM] CVE-2013-1773: linux - Buffer overflow in the VFAT filesystem implementation in the Linux kernel before...
Scope: local
bookworm: resolved (fixed in 3.2.15-1)
bullseye: resolved (fixed in 3.2.15-1)
forky: resolved (fixed in 3.2.15-1)
sid: resolved (fixed in 3.2.15-1)
trixie: resolved (fixed in 3.2.15-1)
Red Hat
kernel: VFAT slab-based buffer overflow
vendor_redhat·2012-12-09·CVSS 6.2
CVE-2013-1773 [MEDIUM] kernel: VFAT slab-based buffer overflow
Statement: This issue does not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5.
This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
No detection rules found.
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd
http://rhn.redhat.com/errata/RHSA-2013-0744.html
http://rhn.redhat.com/errata/RHSA-2013-0928.html
http://rhn.redhat.com/errata/RHSA-2013-1026.html
http://www.exploit-db.com/exploits/23248/
http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2
http://www.openwall.com/lists/oss-security/2013/02/26/8
http://www.osvdb.org/88310
http://www.securityfocus.com/bid/58200
https://bugzilla.redhat.com/show_bug.cgi?id=916115
https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd