Vulnerability Details : CVE-2013-0242
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-0242
Probability of exploitation activity in the next 30 days: 0.90%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 %
CVSS scores for CVE-2013-0242
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2013-0242
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0242
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81707
  glibc extend_buffers() denial of service CVE-2013-0242 Vulnerability Report
- http://www.ubuntu.com/usn/USN-1991-1
  USN-1991-1: GNU C Library vulnerabilities | Ubuntu security notices
- http://sourceware.org/bugzilla/show_bug.cgi?id=15078
  15078 – (CVE-2013-0242) regex crash on myanmar script (CVE-2013-0242) Patch
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
  VMSA-2014-0008.2
- https://security.gentoo.org/glsa/201503-04
  GNU C Library: Multiple vulnerabilities (GLSA 201503-04) — Gentoo security
- http://www.securitytracker.com/id/1028063
  Glibc Regex Bug Lets Remote or Local Users Deny Service - SecurityTracker
- http://sourceware.org/ml/libc-alpha/2013-01/msg00967.html
  Andreas Schwab - [PATCH] Fix buffer overrun in regexp matcher
- http://rhn.redhat.com/errata/RHSA-2013-0769.html
  RHSA-2013:0769 - Security Advisory - Red Hat Customer Portal
- http://www.openwall.com/lists/oss-security/2013/01/30/5
  oss-security - Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters
- http://rhn.redhat.com/errata/RHSA-2013-1605.html
  RHSA-2013:1605 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/57638
  GNU glibc 'regexec.c' Buffer Overflow Vulnerability
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:163
  mandriva.com
Products affected by CVE-2013-0242
- cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*