CVE-2013-4237

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

References

http://secunia.com/advisories/55113

http://www.mandriva.com/security/advisories?name=MDVSA-2013:283

http://www.openwall.com/lists/oss-security/2013/08/12/8

http://www.securityfocus.com/bid/61729

http://www.ubuntu.com/usn/USN-1991-1

https://bugzilla.redhat.com/show_bug.cgi?id=995839

https://security.gentoo.org/glsa/201503-04

https://sourceware.org/bugzilla/show_bug.cgi?id=14699

https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=91ce40854d0b7f865cf5024ef95a8026b76096f3

Details

Source: MITRE

Published: 2013-10-09

Updated: 2017-07-01

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
127161NewStart CGSL MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0012)NessusNewStart CGSL Local Security Checks
high
125005EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)NessusHuawei Local Security Checks
critical
83638SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)NessusSuSE Local Security Checks
high
83637SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)NessusSuSE Local Security Checks
high
83634SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1)NessusSuSE Local Security Checks
high
82149Debian DLA-165-1 : eglibc security updateNessusDebian Local Security Checks
high
81689GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)NessusGentoo Local Security Checks
high
79548OracleVM 3.3 : glibc (OVMSA-2014-0033)NessusOracleVM Local Security Checks
high
79180CentOS 6 : glibc (CESA-2014:1391)NessusCentOS Local Security Checks
medium
78844Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20141014)NessusScientific Linux Local Security Checks
medium
78656Slackware 14.1 / current : glibc (SSA:2014-296-01)NessusSlackware Local Security Checks
high
78524Oracle Linux 6 : glibc (ELSA-2014-1391)NessusOracle Linux Local Security Checks
medium
78408RHEL 6 : glibc (RHSA-2014:1391)NessusRed Hat Local Security Checks
medium
75154openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1)NessusSuSE Local Security Checks
high
71308SuSE 11.3 Security Update : glibc (SAT Patch Number 8337)NessusSuSE Local Security Checks
high
71307SuSE 11.2 Security Update : glibc (SAT Patch Number 8335)NessusSuSE Local Security Checks
high
71092Mandriva Linux Security Advisory : glibc (MDVSA-2013:283)NessusMandriva Local Security Checks
high
70538Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)NessusUbuntu Local Security Checks
high
69436Fedora 19 : glibc-2.17-13.fc19 (2013-15053)NessusFedora Local Security Checks
high