CVE-2012-3368

high

Description

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.

References

https://bugzilla.redhat.com/show_bug.cgi?id=835849

http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302

Details

Source: Mitre, NVD

Published: 2012-07-03

Updated: 2012-07-04

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High