Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2674

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2674
Last Modified 24 Aug 2012 12:00:00
Published 25 Jul 2012 03:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2674

Summary

Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

Vulnerable Systems

Application

  • Google Bionic

  • Google Bionic -


References

CONFIRM - https://github.com/android/platform_bionic/commit/7f5aa4f35e23fd37425b3a5041737cdf58f87385

MLIST - [oss-security] 20120607 Re: memory allocator upstream patches

MLIST - [oss-security] 20120605 memory allocator upstream patches

MISC - http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/


Last Updated: 27 May 2016 10:54:58