CVE-2013-4237
glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
sysdeps/posix/readdir_r.c en GNU C Library (también conocido como glibc o libc6) 2.18 y anteriores permite a atacantes dependientes del contexto provocar una denegación de servicio (escritura fuera de límites y cuelgue) o posiblemente ejecutar código arbitrario a través de (1) NTFS o (2) una imagen CIFS manipulada.
An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application.
Updated glibc packages fix multiple security issues. Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. pt_chown in GNU C Library before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-12 CVE Reserved
- 2013-10-09 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/55113 | Third Party Advisory | |
| http://www.securityfocus.com/bid/61729 | Vdb Entry | |
| https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/08/12/8 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=995839 | 2014-10-13 | |
| https://sourceware.org/bugzilla/show_bug.cgi?id=14699 | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-1991-1 | 2023-02-13 | |
| https://security.gentoo.org/glsa/201503-04 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2013-4237 | 2014-10-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | <= 2.18 Search vendor "Gnu" for product "Glibc" and version " <= 2.18" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0 Search vendor "Gnu" for product "Glibc" and version "2.0" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.1 Search vendor "Gnu" for product "Glibc" and version "2.0.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.2 Search vendor "Gnu" for product "Glibc" and version "2.0.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.3 Search vendor "Gnu" for product "Glibc" and version "2.0.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.4 Search vendor "Gnu" for product "Glibc" and version "2.0.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.5 Search vendor "Gnu" for product "Glibc" and version "2.0.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.6 Search vendor "Gnu" for product "Glibc" and version "2.0.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1 Search vendor "Gnu" for product "Glibc" and version "2.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.1 Search vendor "Gnu" for product "Glibc" and version "2.1.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.1.6 Search vendor "Gnu" for product "Glibc" and version "2.1.1.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.2 Search vendor "Gnu" for product "Glibc" and version "2.1.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.3 Search vendor "Gnu" for product "Glibc" and version "2.1.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.1.9 Search vendor "Gnu" for product "Glibc" and version "2.1.9" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.10.1 Search vendor "Gnu" for product "Glibc" and version "2.10.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11 Search vendor "Gnu" for product "Glibc" and version "2.11" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11.1 Search vendor "Gnu" for product "Glibc" and version "2.11.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11.2 Search vendor "Gnu" for product "Glibc" and version "2.11.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11.3 Search vendor "Gnu" for product "Glibc" and version "2.11.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.12.1 Search vendor "Gnu" for product "Glibc" and version "2.12.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.12.2 Search vendor "Gnu" for product "Glibc" and version "2.12.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.13 Search vendor "Gnu" for product "Glibc" and version "2.13" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.14 Search vendor "Gnu" for product "Glibc" and version "2.14" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.14.1 Search vendor "Gnu" for product "Glibc" and version "2.14.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.15 Search vendor "Gnu" for product "Glibc" and version "2.15" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.16 Search vendor "Gnu" for product "Glibc" and version "2.16" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.17 Search vendor "Gnu" for product "Glibc" and version "2.17" | - |
Affected
| ||||||