CVE-2012-2674 - OpenCVE

Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Google	Bionic

Configuration 1 [-]

cpe:2.3:a:google:bionic:-:*:*:*:*:android:*:*

References

Link	Resource
http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
http://www.openwall.com/lists/oss-security/2012/06/05/1
http://www.openwall.com/lists/oss-security/2012/06/07/13
https://github.com/android/platform_bionic/commit/7f5aa4f35e23fd37425b3a5041737cdf58f87385	Exploit Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:15:36

Updated: 2022-10-03T16:15:36

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-2674

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-07-25T19:55:02.820

Modified: 2012-08-24T04:00:00.000

Link: CVE-2012-2674

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:36", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/"}, {"name": "[oss-security] 20120605 memory allocator upstream patches", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/05/1"}, {"name": "[oss-security] 20120607 Re: memory allocator upstream patches", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/07/13"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/android/platform_bionic/commit/7f5aa4f35e23fd37425b3a5041737cdf58f87385"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2674", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", "refsource": "MISC", "url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/"}, {"name": "[oss-security] 20120605 memory allocator upstream patches", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/05/1"}, {"name": "[oss-security] 20120607 Re: memory allocator upstream patches", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/07/13"}, {"name": "https://github.com/android/platform_bionic/commit/7f5aa4f35e23fd37425b3a5041737cdf58f87385", "refsource": "CONFIRM", "url": "https://github.com/android/platform_bionic/commit/7f5aa4f35e23fd37425b3a5041737cdf58f87385"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2674", "datePublished": "2022-10-03T16:15:36", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:bionic:-:*:*:*:*:android:*:*", "matchCriteriaId": "36B0A10E-022D-4DD8-A9E8-9CB3AD9A47F6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de enteros en la chk_malloc (1), leak_malloc (2), y (3) las funciones de leak_memalign en libc/bionic/malloc_debug_leak.c en Bionic (libc) para Android, libc.debug.malloc cuando se establece, facilitar a los atacantes dependientes de contexto para llevar a cabo ataques relacionados con la memoria, tales como desbordamientos de b\u00fafer a trav\u00e9s de un valor de gran tama\u00f1o, lo que hace que se asigne menos memoria de lo esperado."}], "id": "CVE-2012-2674", "lastModified": "2012-08-24T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-25T19:55:02.820", "references": [{"source": "secalert@redhat.com", "url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/05/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/07/13"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/android/platform_bionic/commit/7f5aa4f35e23fd37425b3a5041737cdf58f87385"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}