CVE-2013-1773 : Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileg

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.

Published 2013-02-28 19:55:02

Updated 2023-02-13 04:41:14

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Threat overview for CVE-2013-1773

Top countries where our scanners detected CVE-2013-1773

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2013-1773 146,171

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2013-1773!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2013-1773

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 29 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-1773

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.2	MEDIUM	AV:L/AC:H/Au:N/C:C/I:C/A:C	1.9	10.0	NIST
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-1773

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1773

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd
https://bugzilla.redhat.com/show_bug.cgi?id=916115

916115 – (CVE-2013-1773) CVE-2013-1773 kernel: VFAT slab-based buffer overflow
http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-0744.html

RHSA-2013:0744 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-0928.html

RHSA-2013:0928 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd

NLS: improve UTF8 -> UTF16 string conversion routine · torvalds/linux@0720a06 · GitHub
http://www.exploit-db.com/exploits/23248/

Google Android Kernel 2.6 - Local Denial of Service Crash (PoC) - Android dos Exploit
http://www.openwall.com/lists/oss-security/2013/02/26/8

oss-security - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
http://rhn.redhat.com/errata/RHSA-2013-1026.html

RHSA-2013:1026 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.securityfocus.com/bid/58200

Linux Kernel VFAT Filesystem Local Buffer Overflow Vulnerability

Products affected by CVE-2013-1773