CVE-2007-6754
 
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors.
La función ipalloc en libc /stdlib/malloc.c en jemalloc en libc para FreeBSD y NetBSD v6.4 no asignan correctamente la memoria, lo que hace que sea más fácil para los atacantes dependientes de contexto llevar a cabo ataques relacionados con la memoria, tales como desbordamientos de búfer a través de un valor de tamaño grande, relacionado con errores de "redondeo entero y desbordamiento".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-07-25 CVE Reserved
- 2012-07-25 CVE Published
- 2023-06-15 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://svnweb.freebsd.org/base?view=revision&revision=167872 | 2012-07-26 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 6.4 Search vendor "Freebsd" for product "Freebsd" and version "6.4" | - |
Affected
| ||||||
Netbsd Search vendor "Netbsd" | Netbsd Search vendor "Netbsd" for product "Netbsd" | * | - |
Affected
|