What is the severity of CVE-2013-4788?

CVE-2013-4788 has been rated as a medium severity vulnerability due to the potential for context-dependent attackers to control execution flow.

How do I fix CVE-2013-4788?

To fix CVE-2013-4788, you should upgrade your GNU C Library to version 2.18 or later.

What versions of glibc are affected by CVE-2013-4788?

CVE-2013-4788 affects glibc versions 2.4, 2.17, and earlier, as well as various versions of EGLIBC.

What does CVE-2013-4788 exploit?

CVE-2013-4788 exploits an uninitialized random value for the pointer guard, which can lead to buffer overflow vulnerabilities.

Can CVE-2013-4788 be exploited remotely?

CVE-2013-4788 is context-dependent and may require local access to exploit, but it can lead to significant risks if successfully leveraged.

Vulnerability/
CVE-2013-4788

medium

5.1

CWE

4/10/2013

6/8/2024

CVE-2013-4788: Input Validation

First published: Fri Oct 04 2013(Updated: )

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GNU C Library (glibc)	<=2.17
GNU C Library (glibc)	=2.0
GNU C Library (glibc)	=2.0.1
GNU C Library (glibc)	=2.0.2
GNU C Library (glibc)	=2.0.3
GNU C Library (glibc)	=2.0.4
GNU C Library (glibc)	=2.0.5
GNU C Library (glibc)	=2.0.6
GNU C Library (glibc)	=2.1
GNU C Library (glibc)	=2.1.1
GNU C Library (glibc)	=2.1.1.6
GNU C Library (glibc)	=2.1.2
GNU C Library (glibc)	=2.1.3
GNU C Library (glibc)	=2.1.9
GNU C Library (glibc)	=2.4
GNU C Library (glibc)	=2.10.1
GNU C Library (glibc)	=2.11
GNU C Library (glibc)	=2.11.1
GNU C Library (glibc)	=2.11.2
GNU C Library (glibc)	=2.11.3
GNU C Library (glibc)	=2.12.1
GNU C Library (glibc)	=2.12.2
GNU C Library (glibc)	=2.13
GNU C Library (glibc)	=2.14
GNU C Library (glibc)	=2.14.1
GNU C Library (glibc)	=2.15
GNU C Library (glibc)	=2.16
GNU EGLIBC

Remedy

http://hmarco.org/bugs/CVE-2013-4788.html

Remedy

http://www.openwall.com/lists/oss-security/2013/07/15/9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-4788?
CVE-2013-4788 has been rated as a medium severity vulnerability due to the potential for context-dependent attackers to control execution flow.
How do I fix CVE-2013-4788?
To fix CVE-2013-4788, you should upgrade your GNU C Library to version 2.18 or later.
What versions of glibc are affected by CVE-2013-4788?
CVE-2013-4788 affects glibc versions 2.4, 2.17, and earlier, as well as various versions of EGLIBC.
What does CVE-2013-4788 exploit?
CVE-2013-4788 exploits an uninitialized random value for the pointer guard, which can lead to buffer overflow vulnerabilities.
Can CVE-2013-4788 be exploited remotely?
CVE-2013-4788 is context-dependent and may require local access to exploit, but it can lead to significant risks if successfully leveraged.

agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/weakness
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/gnu
canonical/gnu c library (glibc)
version/gnu c library (glibc)/2.17
version/gnu c library (glibc)/2.0
version/gnu c library (glibc)/2.0.1
version/gnu c library (glibc)/2.0.2
version/gnu c library (glibc)/2.0.3
version/gnu c library (glibc)/2.0.4
version/gnu c library (glibc)/2.0.5
version/gnu c library (glibc)/2.0.6
version/gnu c library (glibc)/2.1
version/gnu c library (glibc)/2.1.1
version/gnu c library (glibc)/2.1.1.6
version/gnu c library (glibc)/2.1.2
version/gnu c library (glibc)/2.1.3
version/gnu c library (glibc)/2.1.9
version/gnu c library (glibc)/2.4
version/gnu c library (glibc)/2.10.1
version/gnu c library (glibc)/2.11
version/gnu c library (glibc)/2.11.1
version/gnu c library (glibc)/2.11.2
version/gnu c library (glibc)/2.11.3
version/gnu c library (glibc)/2.12.1
version/gnu c library (glibc)/2.12.2
version/gnu c library (glibc)/2.13
version/gnu c library (glibc)/2.14
version/gnu c library (glibc)/2.14.1
version/gnu c library (glibc)/2.15
version/gnu c library (glibc)/2.16
canonical/gnu eglibc

Frequently Asked Questions

What is the severity of CVE-2013-4788?
CVE-2013-4788 has been rated as a medium severity vulnerability due to the potential for context-dependent attackers to control execution flow.
How do I fix CVE-2013-4788?
To fix CVE-2013-4788, you should upgrade your GNU C Library to version 2.18 or later.
What versions of glibc are affected by CVE-2013-4788?
CVE-2013-4788 affects glibc versions 2.4, 2.17, and earlier, as well as various versions of EGLIBC.
What does CVE-2013-4788 exploit?
CVE-2013-4788 exploits an uninitialized random value for the pointer guard, which can lead to buffer overflow vulnerabilities.
Can CVE-2013-4788 be exploited remotely?
CVE-2013-4788 is context-dependent and may require local access to exploit, but it can lead to significant risks if successfully leveraged.

CVE-2013-4788: Input Validation

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-4788?

How do I fix CVE-2013-4788?

What versions of glibc are affected by CVE-2013-4788?

What does CVE-2013-4788 exploit?

Can CVE-2013-4788 be exploited remotely?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-4788?

How do I fix CVE-2013-4788?

What versions of glibc are affected by CVE-2013-4788?

What does CVE-2013-4788 exploit?

Can CVE-2013-4788 be exploited remotely?