medium
5
CWE
119 189 190
Advisory Published
CVE Published
Updated

CVE-2012-3418: Buffer Overflow

First published: Thu Jul 19 2012(Updated: )

Florian Weimer of the Red Hat Product Security Team discovered multiple integer and heap-based buffer overflow flaws in PCP (Performance Co-Pilot) libpcp protocol decoding functions. These flaws could lead to daemon crashes or the execution of arbitrary code with root privileges. Many of these flaws can be exploited without requiring the attacker to be authenticated.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/pcp<3.6.5
3.6.5
Performance Co-Pilot<=3.6.4
Performance Co-Pilot=2.1.1
Performance Co-Pilot=2.1.2
Performance Co-Pilot=2.1.3
Performance Co-Pilot=2.1.4
Performance Co-Pilot=2.1.5
Performance Co-Pilot=2.1.6
Performance Co-Pilot=2.1.7
Performance Co-Pilot=2.1.8
Performance Co-Pilot=2.1.9
Performance Co-Pilot=2.1.10
Performance Co-Pilot=2.1.11
Performance Co-Pilot=2.2

Remedy

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd

Remedy

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c

Remedy

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5

Remedy

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a

Remedy

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c

Remedy

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910

Remedy

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2012-3418?

    CVE-2012-3418 has a severity rating that indicates it can lead to a denial of service and potentially allows for arbitrary code execution.

  • How do I fix CVE-2012-3418?

    To mitigate CVE-2012-3418, upgrade to Performance Co-Pilot version 3.6.5 or later.

  • What systems are affected by CVE-2012-3418?

    CVE-2012-3418 affects Performance Co-Pilot versions prior to 3.6.5, including various 2.x versions.

  • Can CVE-2012-3418 be exploited remotely?

    Yes, CVE-2012-3418 can be exploited by remote attackers to trigger a denial of service.

  • What is the common impact of CVE-2012-3418?

    The common impact of CVE-2012-3418 includes service interruptions and potential unauthorized execution of code.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203