CVE-2013-0242

glibc: Buffer overrun (DoS) in regexp matcher by processing multibyte characters

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

Desbordamiento de búfer en el metodo extend_buffers del comparador expresiónes regulares (posix / regexec.c) en glibc, posiblemente, v2.17 y anteriores, permite a atacantes dependientes de contexto provocar una denegación de servicio (corrupción de memoria y caída) mediante caracteres multibyte artesanales.

A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-12-06 CVE Reserved
2013-02-08 CVE Published
2024-03-04 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (17)

URL	Tag	Source
http://osvdb.org/89747	Vdb Entry
http://secunia.com/advisories/55113	Third Party Advisory
http://sourceware.org/ml/libc-alpha/2013-01/msg00967.html	Mailing List
http://www.openwall.com/lists/oss-security/2013/01/30/5	Mailing List
http://www.securityfocus.com/bid/57638	Vdb Entry
http://www.securitytracker.com/id/1028063	Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2014-0008.html	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/81707	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://sourceware.org/bugzilla/show_bug.cgi?id=15078	2017-08-29

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2013-0769.html	2017-08-29
http://rhn.redhat.com/errata/RHSA-2013-1605.html	2017-08-29
http://secunia.com/advisories/51951	2017-08-29
http://www.mandriva.com/security/advisories?name=MDVSA-2013:163	2017-08-29
http://www.ubuntu.com/usn/USN-1991-1	2017-08-29
https://security.gentoo.org/glsa/201503-04	2017-08-29
https://access.redhat.com/security/cve/CVE-2013-0242	2013-11-20
https://bugzilla.redhat.com/show_bug.cgi?id=905874	2013-11-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.17 Search vendor "Gnu" for product "Glibc" and version "2.17"		-		Affected