CVE-2012-5667: Buffer Overflow
First published: Mon Dec 24 2012(Updated: )
An integer overflow leading to a heap-based buffer overflow was found in the way grep, A utility used to search through textual input for lines which contain a match to a specified pattern, parsed large lines of data. This flaw could use used to crash grep or potentially execute arbitrary code, if a local user was tricked into running grep on a specially crafted data file. Patch: <a href="http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189">http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189</a> Reference: <a href="http://seclists.org/oss-sec/2012/q4/504">http://seclists.org/oss-sec/2012/q4/504</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/grep | <2.11 | 2.11 |
| Grep | <=2.10 | |
| Grep | =2.2 | |
| Grep | =2.3 | |
| Grep | =2.4 | |
| Grep | =2.4.1 | |
| Grep | =2.4.2 | |
| Grep | =2.5 | |
| Grep | =2.5.1 | |
| Grep | =2.5.1-a | |
| Grep | =2.5.3 | |
| Grep | =2.5.4 | |
| Grep | =2.6 | |
| Grep | =2.6.1 | |
| Grep | =2.6.2 | |
| Grep | =2.6.3 | |
| Grep | =2.7 | |
| Grep | =2.8 | |
| Grep | =2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91
- http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
- http://git.sv.gnu.org/gitweb/?p=grep.git;a=shortlog;h=v2.11
- http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
- http://openwall.com/lists/oss-security/2012/12/22/6
- http://rhn.redhat.com/errata/RHSA-2015-1447.html
- http://www.securityfocus.com/bid/57033
- https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
- https://bugzilla.redhat.com/show_bug.cgi?id=889935
- http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11
- http://seclists.org/oss-sec/2012/q4/504
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=686585&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=686585&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=686605&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=686605&action=edit
- https://rhn.redhat.com/errata/RHSA-2015-1447.html
Frequently Asked Questions
What is the severity of CVE-2012-5667?
CVE-2012-5667 has a severity rating that suggests it can lead to a heap-based buffer overflow, potentially allowing for arbitrary code execution.
How do I fix CVE-2012-5667?
To mitigate CVE-2012-5667, users should upgrade to grep version 2.11 or later.
Which versions of grep are affected by CVE-2012-5667?
Grep versions prior to 2.11, including but not limited to versions 2.2 through 2.10, are impacted by CVE-2012-5667.
What impact does CVE-2012-5667 have on system security?
CVE-2012-5667 can cause grep to crash and may permit the execution of arbitrary code, posing a significant security risk.
Is it safe to use grep versions before 2.11 due to CVE-2012-5667?
It is not safe to use grep versions prior to 2.11 as they are vulnerable to exploitation via CVE-2012-5667.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-5667
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/gnu
- canonical/grep
- version/grep/2.10
- version/grep/2.2
- version/grep/2.3
- version/grep/2.4
- version/grep/2.4.1
- version/grep/2.4.2
- version/grep/2.5
- version/grep/2.5.1
- version/grep/2.5.1-a
- version/grep/2.5.3
- version/grep/2.5.4
- version/grep/2.6
- version/grep/2.6.1
- version/grep/2.6.2
- version/grep/2.6.3
- version/grep/2.7
- version/grep/2.8
- version/grep/2.9