{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-01-04T11:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2013/01/03/7"}, {"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6089", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/01/03/7"}, {"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5", "refsource": "MLIST", "url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=891577", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"}, {"name": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c", "refsource": "CONFIRM", "url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:21:28.502Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2013/01/03/7"}, {"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6089", "datePublished": "2013-01-04T11:00:00Z", "dateReserved": "2012-12-06T00:00:00Z", "dateUpdated": "2024-09-17T01:55:59.305Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6A435FD-F02D-4F82-8C59-16AC1F4769DD", "versionEndIncluding": "6.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:*:*:*:*:*:*:*", "matchCriteriaId": "564241B5-9462-4C05-AF2A-ED4C5EC735D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:*:*:*:*:*:*:*", "matchCriteriaId": "C2A82A01-F922-4729-9B35-736F07991543", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:*:*:*:*:*:*:*", "matchCriteriaId": "E02861BD-ADD3-42D3-AAC0-F9335A135978", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:*:*:*:*:*:*:*", "matchCriteriaId": "A49328C0-9B01-46B3-AADD-624B631CDD76", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:*:*:*:*:*:*:*", "matchCriteriaId": "08E25B15-1E59-4392-AC7B-B262537A5C6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:*:*:*:*:*:*:*", "matchCriteriaId": "B3E80AF1-7664-4DE0-B52E-D5CB584EE262", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:*:*:*:*:*:*:*", "matchCriteriaId": "7FCCFFA5-833D-45BF-9770-8A82581D279C", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:*:*:*:*:*:*:*", "matchCriteriaId": "4A3C02C1-9226-4CC8-BA4B-D1C19328A053", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:*:*:*:*:*:*:*", "matchCriteriaId": "7D985A66-4F0D-4C3B-8C0F-2E8858C4B2CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:*:*:*:*:*:*:*", "matchCriteriaId": "3BDBDA0E-D2D5-42B5-89F8-F95EF0A6B91D", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:*:*:*:*:*:*:*", "matchCriteriaId": "626E43DC-F845-441F-9A90-71888D229F42", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:*:*:*:*:*:*:*", "matchCriteriaId": "AAE0E48E-9D35-4576-9594-27E5C369C51B", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:*:*:*:*:*:*:*", "matchCriteriaId": "C7EA7412-1D40-4C76-8D73-8085AB57EED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:*:*:*:*:*:*:*", "matchCriteriaId": "BF7A4B57-C7FC-4559-BA2E-11142463EA0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA641444-79A5-4A35-A9B3-AE849F40A93C", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "49766A51-1012-4DA9-92BA-A7CFF380ABC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B89B6121-EAFA-415E-AEAD-B2E907BDEA5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "C32CDE03-520D-481E-BAEB-C7B0BCD8AC80", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE745BFE-7C79-439C-BAE5-2EBD064A9D5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A43C5729-1DBA-40D7-AB59-6ECCDAF5DFA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "9087AA22-11FD-4BEF-86FC-9448A0847E24", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "4AF09847-8BC4-4EB5-86E2-26915EBC7F86", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9D997B8-9F1C-495E-92F2-8B188C15C0B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "4F39F681-7470-4097-BE61-735FD5EABE3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5AC616E-355B-4202-BB14-D9D71E5C2DCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "36CAA985-3A22-47E3-B90B-3C7834A38557", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1A40CCF-CF41-47CE-8D2C-33A6778E5C6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38B14FAB-EFA0-45AC-8873-C833FFF2C965", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD24DA73-9B04-4DA5-984C-B6BE8C978DA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E478CE71-1CCF-436E-BE61-459B7069D182", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "01FEC3B3-BD24-4973-B782-3840D84EBDA2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8B1C1BF1-032F-446D-A16A-EF3C27973AE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C04D9C3-6F22-4B49-8B65-3209C3093EEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B4CF68B6-D8BF-4695-866F-6DE5267D02F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6122-CD4B-47E7-89EF-DF68DB4A462D", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A546B14D-6ADF-472F-ADA7-0486F1E5792E", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "6BE34F04-351B-4EE4-BF48-5DE355F5915A", "vulnerable": true}, {"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "2C68C731-2DE1-483A-A0F8-B11B2C19173B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n canoniseFileName en os/pl-os.c en SWI-Prolog anteriores a v6.2.5 y v6.3.x anteriores a v6.3.7, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de un nombre de fichero manipulado."}], "id": "CVE-2012-6089", "lastModified": "2013-01-04T11:52:15.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-01-04T11:52:15.257", "references": [{"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2013/01/03/7"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "pl: buffer overflows in path canonisation and expansion of file names with long paths", "id": "891577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."], "name": "CVE-2012-6089", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "pl", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-12-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-6089\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6089"], "statement": "The Red Hat Security Response Team has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "SWI-Prolog 6.3.7, SWI-Prolog 6.2.5"}