github - ghsa-g9q5-wfrj-hfmv

ghsa-g9q5-wfrj-hfmv

Vulnerability from github

Published

2022-05-17 05:17

Modified

2022-05-17 05:17

Details

Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-6090"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-01-04T11:52:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.",
  "id": "GHSA-g9q5-wfrj-hfmv",
  "modified": "2022-05-17T05:17:04Z",
  "published": "2022-05-17T05:17:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6090"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
    },
    {
      "type": "WEB",
      "url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2013/01/03/7"
    },
    {
      "type": "WEB",
      "url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2012-6090 (GCVE-0-2012-6090)

Vulnerability from cvelistv5

Published

2013-01-04 11:00

Modified

2024-09-16 20:22

Severity ?

CWE

n/a

Summary

Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.

References

►

URL

Tags

	http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2013/01/03/7	mailing-list, x_refsource_MLIST
	https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=891577	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:21:28.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
          },
          {
            "name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/01/03/7"
          },
          {
            "name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-01-04T11:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
        },
        {
          "name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/01/03/7"
        },
        {
          "name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-6090",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e",
              "refsource": "CONFIRM",
              "url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
            },
            {
              "name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/01/03/7"
            },
            {
              "name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
              "refsource": "MLIST",
              "url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=891577",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-6090",
    "datePublished": "2013-01-04T11:00:00Z",
    "dateReserved": "2012-12-06T00:00:00Z",
    "dateUpdated": "2024-09-16T20:22:34.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.