CVE-2013-4237Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write8 documents8 sources
Severity
6.8MEDIUMNVD
EPSS
1.1%
top 22.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Glibc
Timeline
PublishedOct 9
Latest updateMay 17

Description

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debiangnu/glibc< 2.17-94+3
NVDgnu/glibc2.18+26

Patches

Patch: www.openwall.comPatch: bugzilla.redhat.comPatch: sourceware.org

🔴Vulnerability Details

3
GHSA
GHSA-2w2q-5vg5-jx48: sysdeps/posix/readdir_r2022-05-17
CVEList
CVE-2013-4237: sysdeps/posix/readdir_r2013-10-09
OSV
CVE-2013-4237: sysdeps/posix/readdir_r2013-10-09

📋Vendor Advisories

3
Ubuntu
GNU C Library vulnerabilities2013-10-21
Red Hat
glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters2013-08-11
Debian
CVE-2013-4237: glibc - sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and ear...2013

💬Community

1
Bugzilla
CVE-2013-4237 glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters2013-08-11
CVE-2013-4237 — GNU Glibc vulnerability | cvebase