CVE-2005-4895

Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog
http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:csilvers:gperftools::::::::
	cpe:2.3:a:csilvers:gperftools:0.1:::::::*
	cpe:2.3:a:csilvers:gperftools:0.2:::::::*

History

No history.

Information

Published : 2012-07-25 19:55

Updated : 2024-02-28 12:00

NVD link : CVE-2005-4895

Mitre link : CVE-2005-4895

CVE.ORG link : CVE-2005-4895

JSON object : View

Products Affected

csilvers

gperftools

CWE

CWE-189

Numeric Errors

{"id": "CVE-2005-4895", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-25T19:55:01.273", "references": [{"url": "http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog", "source": "cve@mitre.org"}, {"url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de enteros en TCMalloc (tcmalloc.cc) en gperftools antes v0.4 hace que sea m\u00e1s f\u00e1cil para los atacantes dependientes de contexto realizar ataques relacionados con la memoria, tales como desbordamientos de memoria a trav\u00e9s de un valor de tama\u00f1o grande, lo que causa que se asigne menos memoria de lo esperado."}], "lastModified": "2012-08-09T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEC9A6EA-129D-4A9E-A3F6-379FC64E4B22", "versionEndIncluding": "0.3"}, {"criteria": "cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BDB58C4-45E6-401B-9305-B422E7760FB3"}, {"criteria": "cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0D76DB5-A8CA-4667-8B62-F38132D7A5C8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}