CVE-2012-3368 - Vulnerability Details - OpenCVE

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00444.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Dtach

Configuration 1 [-]

cpe:2.3:a:redhat:dtach:0.8:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
https://bugzilla.redhat.com/show_bug.cgi?id=812551
https://bugzilla.redhat.com/show_bug.cgi?id=835849
https://nvd.nist.gov/vuln/detail/CVE-2012-3368
https://www.cve.org/CVERecord?id=CVE-2012-3368

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00353}`	epss `{'score': 0.00444}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-03T21:00:00Z

Updated: 2024-08-06T20:05:12.394Z

Reserved: 2012-06-14T00:00:00Z

Link: CVE-2012-3368

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-07-03T21:55:01.567

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-3368

Redhat

Severity : Low

Publid Date: 2011-05-03T00:00:00Z

Links: CVE-2012-3368 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2012-07-03T21:00:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812551"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=835849"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.394Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812551"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=835849"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3368", "state": "PUBLISHED", "dateReserved": "2012-06-14T00:00:00Z", "datePublished": "2012-07-03T21:00:00Z", "dateUpdated": "2024-08-06T20:05:12.394Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:dtach:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6E0367B7-1BA3-40EE-A670-558E079DFF4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach."}, {"lang": "es", "value": "Error de entero sin signo en attach.c en dtach v0.8 permite a atacantes remotos obtener informaci\u00f3n sensible desde el demonio de la pila de memoria en circunstancias oportunas leyendo datos de la aplicaci\u00f3n despu\u00e9s de una petici\u00f3n de cerrado de conexi\u00f3n (connection-close) irregular, como se demostr\u00f3 ejecutando un cliente de IRC en dtach."}], "id": "CVE-2012-3368", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-03T21:55:01.567", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812551"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=835849"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812551"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=835849"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}