CVE-2012-6089 (GCVE-0-2012-6089)
Vulnerability from cvelistv5
Published
2013-01-04 11:00
Modified
2024-09-17 01:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"refsource": "MLIST",
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=891577",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"name": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c",
"refsource": "CONFIRM",
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6089",
"datePublished": "2013-01-04T11:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-17T01:55:59.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2012-6089\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-01-04T11:52:15.257\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n canoniseFileName en os/pl-os.c en SWI-Prolog anteriores a v6.2.5 y v6.3.x anteriores a v6.3.7, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de un nombre de fichero manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.2.4\",\"matchCriteriaId\":\"E6A435FD-F02D-4F82-8C59-16AC1F4769DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"564241B5-9462-4C05-AF2A-ED4C5EC735D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2A82A01-F922-4729-9B35-736F07991543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E02861BD-ADD3-42D3-AAC0-F9335A135978\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A49328C0-9B01-46B3-AADD-624B631CDD76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E25B15-1E59-4392-AC7B-B262537A5C6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3E80AF1-7664-4DE0-B52E-D5CB584EE262\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FCCFFA5-833D-45BF-9770-8A82581D279C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A3C02C1-9226-4CC8-BA4B-D1C19328A053\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D985A66-4F0D-4C3B-8C0F-2E8858C4B2CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BDBDA0E-D2D5-42B5-89F8-F95EF0A6B91D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"626E43DC-F845-441F-9A90-71888D229F42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAE0E48E-9D35-4576-9594-27E5C369C51B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7EA7412-1D40-4C76-8D73-8085AB57EED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF7A4B57-C7FC-4559-BA2E-11142463EA0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA641444-79A5-4A35-A9B3-AE849F40A93C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49766A51-1012-4DA9-92BA-A7CFF380ABC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B89B6121-EAFA-415E-AEAD-B2E907BDEA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C32CDE03-520D-481E-BAEB-C7B0BCD8AC80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE745BFE-7C79-439C-BAE5-2EBD064A9D5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A43C5729-1DBA-40D7-AB59-6ECCDAF5DFA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9087AA22-11FD-4BEF-86FC-9448A0847E24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AF09847-8BC4-4EB5-86E2-26915EBC7F86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9D997B8-9F1C-495E-92F2-8B188C15C0B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:5.10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F39F681-7470-4097-BE61-735FD5EABE3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5AC616E-355B-4202-BB14-D9D71E5C2DCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36CAA985-3A22-47E3-B90B-3C7834A38557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1A40CCF-CF41-47CE-8D2C-33A6778E5C6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38B14FAB-EFA0-45AC-8873-C833FFF2C965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD24DA73-9B04-4DA5-984C-B6BE8C978DA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E478CE71-1CCF-436E-BE61-459B7069D182\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01FEC3B3-BD24-4973-B782-3840D84EBDA2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B1C1BF1-032F-446D-A16A-EF3C27973AE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C04D9C3-6F22-4B49-8B65-3209C3093EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4CF68B6-D8BF-4695-866F-6DE5267D02F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B7A6122-CD4B-47E7-89EF-DF68DB4A462D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A546B14D-6ADF-472F-ADA7-0486F1E5792E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BE34F04-351B-4EE4-BF48-5DE355F5915A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:6.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C68C731-2DE1-483A-A0F8-B11B2C19173B\"}]}]}],\"references\":[{\"url\":\"http://openwall.com/lists/oss-security/2013/01/03/7\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=891577\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2013/01/03/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=891577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…