Description
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
An integer truncation flaw was found in util-linux that potentially causes a buffer overflow if an attacker can use system resources that lead to a large number in the /proc/sysvipc/sem file. The highest threat from this vulnerability is to system availability.
Statement
This vulnerability is only present in the 32-bit builds of the util-linux package. The standard 64-bit builds (e.g. x86_64) are not affected. Red Hat Enterprise Linux 8 is marked "Not Affected" since the impacted package is not available as a 32-bit build. For exploitation to be possible, the "kernel.sem" limits controlled by sysctl must be raised to an abnormally high number. Default values on Red Hat Enterprise Linux are too low to make exploitation possible.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | util-linux | Out of support scope | | |
| Red Hat Enterprise Linux 8 | util-linux | Not affected | | |
| Red Hat Enterprise Linux 9 | util-linux | Not affected | | |
Additional information
Status:
4.7 Medium
CVSS3