First published: Thu Oct 18 2012
Created attachment 629285: patch to fix the buffer overflow

Description of problem:
A buffer overflow in mcrypt version 2.6.8 and earlier due to long filenames. If a user were tricked into attempting to encrypt/decrypt specially crafted long filename(s), this flaw would cause a stack-based buffer overflow that could potentially lead to arbitrary code execution. Note that this is caught by FORTIFY_SOURCE, which renders this to being a crash-only bug on Fedora. There are currently no upstream patches for this flaw.

Version-Release number of selected component (if applicable):
mcrypt-2.6.8-9.el6 (possibly others too).

How reproducible:
Run mcrypt with ~128 byte long file names.
Credit: secalert@redhat.com
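
The report above describes a filename of about 128 bytes overflowing a stack buffer. The following is an added example, not mcrypt's code and not the attached patch: it shows bounded formatting that rejects an over-long filename instead of writing past the buffer. The buffer size, message text and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size, chosen to match the ~128-byte trigger in the report. */
#define MSG_BUF 128

/* Overflow-prone pattern, shown as a comment only:
 *     char msg[MSG_BUF];
 *     sprintf(msg, "File %s could not be opened.", filename);
 * sprintf has no bound, so a long filename writes past msg on the stack.
 */

/* Bounded formatting. Returns 0 on success, -1 if the message would not
 * fit in dst (dst is then left as an empty string, never truncated). */
int format_file_msg(char *dst, size_t dstsz, const char *filename)
{
    if (dst == NULL || dstsz == 0 || filename == NULL)
        return -1;
    /* Message text is constructed for this example. */
    int n = snprintf(dst, dstsz, "File %s could not be opened.", filename);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Builds a constructed filename of `len` 'A' bytes and reports whether
 * it is accepted: 0 = fits, -1 = rejected. */
int try_name_len(size_t len)
{
    char name[512];
    char msg[MSG_BUF];
    if (len >= sizeof name)
        return -1;
    memset(name, 'A', len);
    name[len] = '\0';
    return format_file_msg(msg, sizeof msg, name);
}

int main(void)
{
    size_t lens[] = { 16, 101, 102, 128 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len %3zu -> %s\n", lens[i],
               try_name_len(lens[i]) == 0 ? "ok" : "rejected");
    return 0;
}
```

Checking the `snprintf` return value against the buffer size is what turns silent truncation into an explicit error the caller can handle.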
Affected Software | Affected Version | How to fix |
---|---|---|
Libgcrypt | <=2.6.8 | |
Libgcrypt | =2.6.4 | |
Libgcrypt | =2.6.5 | |
Libgcrypt | =2.6.6 | |
Libgcrypt | =2.6.7 | |
CVE-2012-4527 is categorized as a high severity vulnerability due to the potential for buffer overflow exploits.
To fix CVE-2012-4527, update Mcrypt to a version higher than 2.6.8 or apply the relevant patches provided.
CVE-2012-4527 affects versions of Mcrypt up to and including 2.6.8, as well as specific versions 2.6.4, 2.6.5, 2.6.6, and 2.6.7.
Yes, if exploited, CVE-2012-4527 can potentially lead to data breaches through unauthorized access or data manipulation.
Yes, CVE-2012-4527 is a known vulnerability within the Mcrypt library and has been discussed in various security advisories.