fkie_cve-2013-4788
Vulnerability from fkie_nvd
Published
2013-10-04 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
References
cve@mitre.orghttp://hmarco.org/bugs/CVE-2013-4788.htmlExploit, Patch
cve@mitre.orghttp://seclists.org/fulldisclosure/2015/Sep/23
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2013:283
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2013:284
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2013/07/15/9Exploit, Patch
cve@mitre.orghttp://www.securityfocus.com/bid/61183
cve@mitre.orghttps://security.gentoo.org/glsa/201503-04
af854a3a-2127-422b-91ae-364da2661108http://hmarco.org/bugs/CVE-2013-4788.htmlExploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2015/Sep/23
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/07/15/9Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/61183
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201503-04
Impacted products
Vendor Product Version
gnu glibc *
gnu glibc 2.0
gnu glibc 2.0.1
gnu glibc 2.0.2
gnu glibc 2.0.3
gnu glibc 2.0.4
gnu glibc 2.0.5
gnu glibc 2.0.6
gnu glibc 2.1
gnu glibc 2.1.1
gnu glibc 2.1.1.6
gnu glibc 2.1.2
gnu glibc 2.1.3
gnu glibc 2.1.9
gnu glibc 2.4
gnu glibc 2.10.1
gnu glibc 2.11
gnu glibc 2.11.1
gnu glibc 2.11.2
gnu glibc 2.11.3
gnu glibc 2.12.1
gnu glibc 2.12.2
gnu glibc 2.13
gnu glibc 2.14
gnu glibc 2.14.1
gnu glibc 2.15
gnu glibc 2.16
gnu eglibc *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80EA2A91-4CBF-4AF4-9776-BF9EFDA67CDF",
              "versionEndIncluding": "2.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB56D9C9-13B3-418C-B06C-0997E165F1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "19D5667D-5EA4-4B44-BF8A-9C10506BD4E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "42AD17CD-545F-425A-92CF-0EE5F5B5F74E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A30D0EE-1AED-4C99-8A22-24E47212F3FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4169CA4B-C4F5-499A-A35A-49DD43AC0A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55E32EC-33A6-4145-9B76-C7E3DBACD1E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6423F0B5-E483-4DE9-B13F-3A7322F055DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37880948-2AB5-491A-85E2-B7E271E03B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF8E0DCD-8D39-4C89-9B4C-37025D9BE3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD5D113-EF53-4690-92AC-B6E54D70AA9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92B1C39D-1183-4FAE-85C2-D1DC7AA6F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "733A1711-D2FC-45C6-9542-893860851F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4CFA8E-9892-4DDA-9DB2-581711E974A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:eglibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB89B5AD-38B6-4BB2-A150-90A7807BE024",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n PTR_MANGLE en la GNU C Library (librer\u00eda tambi\u00e9n conocida como glibc o libc6) 2.4, 2.17 y versiones anteriores y Embedded GLIBC (EGLIBC) no inicia el valor aleatorio para la guardia de puntero, lo que facilita a atacantes dependientes del contexto controlar la ejecuci\u00f3n de flujo aprovechando una vulnerabilidad de desbordamiento de b\u00fafer en una aplicaci\u00f3n y utilizando el valor cero conocido guardia de puntero para calcular la direcci\u00f3n de puntero."
    }
  ],
  "evaluatorComment": "Additional information that was taken into consideration while scoring:\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=985625",
  "id": "CVE-2013-4788",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-04T17:55:09.960",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://hmarco.org/bugs/CVE-2013-4788.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2015/Sep/23"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/07/15/9"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/61183"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201503-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://hmarco.org/bugs/CVE-2013-4788.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2015/Sep/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/07/15/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201503-04"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.