{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"}, {"name": "glibc-extendbuffers-dos(81707)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81707"}, {"name": "RHSA-2013:1605", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"}, {"name": "55113", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55113"}, {"name": "USN-1991-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1991-1"}, {"name": "57638", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/57638"}, {"name": "89747", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/89747"}, {"name": "51951", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51951"}, {"name": "1028063", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1028063"}, {"name": "[oss-security] 20130130 Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/01/30/5"}, {"name": "GLSA-201503-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201503-04"}, {"name": "[libc-alpha] 20130129 [PATCH] Fix buffer overrun in regexp matcher", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://sourceware.org/ml/libc-alpha/2013-01/msg00967.html"}, {"name": "RHSA-2013:0769", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html"}, {"name": "MDVSA-2013:163", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163"}, {"tags": ["x_refsource_MISC"], "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15078"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:18:09.596Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"}, {"name": "glibc-extendbuffers-dos(81707)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81707"}, {"name": "RHSA-2013:1605", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"}, {"name": "55113", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55113"}, {"name": "USN-1991-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1991-1"}, {"name": "57638", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/57638"}, {"name": "89747", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/89747"}, {"name": "51951", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51951"}, {"name": "1028063", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1028063"}, {"name": "[oss-security] 20130130 Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/01/30/5"}, {"name": "GLSA-201503-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201503-04"}, {"name": "[libc-alpha] 20130129 [PATCH] Fix buffer overrun in regexp matcher", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://sourceware.org/ml/libc-alpha/2013-01/msg00967.html"}, {"name": "RHSA-2013:0769", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html"}, {"name": "MDVSA-2013:163", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15078"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0242", "datePublished": "2013-02-08T20:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.596Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "C1E91F85-7872-4290-BE7F-C966AC2773CB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el metodo extend_buffers del comparador expresi\u00f3nes regulares (posix / regexec.c) en glibc, posiblemente, v2.17 y anteriores, permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda) mediante caracteres multibyte artesanales.\r\n"}], "id": "CVE-2013-0242", "lastModified": "2017-08-29T01:33:00.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-08T20:55:01.483", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/89747"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51951"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55113"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15078"}, {"source": "secalert@redhat.com", "url": "http://sourceware.org/ml/libc-alpha/2013-01/msg00967.html"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/01/30/5"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57638"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1028063"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1991-1"}, {"source": "secalert@redhat.com", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81707"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201503-04"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0769", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "glibc-0:2.5-107.el5_9.4", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-04-24T00:00:00Z"}, {"advisory": "RHSA-2013:1605", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "glibc-0:2.12-1.132.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}], "bugzilla": {"description": "glibc: Buffer overrun (DoS) in regexp matcher by processing multibyte characters", "id": "905874", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=905874"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.", "A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash."], "name": "CVE-2013-0242", "public_date": "2013-01-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0242\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0242"], "threat_severity": "Low"}