Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-1929

Опубликовано: 27 мар. 2013
Источник: redhat
CVSS2: 6.2
EPSS Низкий

Описание

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.

Отчет

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. The Red Hat Security Response Team has rated this issue as having low security impact because physical access is needed to exploit this issue. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=949932Kernel: tg3: buffer overflow in VPD firmware parsing

EPSS

Процентиль: 37%
0.00157
Низкий

6.2 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-1929

ubuntu
около 12 лет назад

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.

nvd логотип

CVE-2013-1929

nvd
около 12 лет назад

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.

debian логотип

CVE-2013-1929

debian
около 12 лет назад

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net ...

github логотип

GHSA-w3j5-8m88-j68f

github
около 3 лет назад

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.

oracle-oval логотип

ELSA-2013-2534

oracle-oval
около 12 лет назад

ELSA-2013-2534: Unbreakable Enterprise kernel Security update (MODERATE)

EPSS

Процентиль: 37%
0.00157
Низкий

6.2 Medium

CVSS2