CVE-2012-2091

Published: Jun 17, 2012Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx.

Affected (6)

Products: Flightgear: Flightgear · Simgear: Simgear

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Flightgear Flightgear	Up to 2.6.0
Flightgear Flightgear	Version 1.9.1
Flightgear Flightgear	Version 2.0.0
Simgear Simgear	Up to 2.6.0
Simgear Simgear	Version 1.9.1
Simgear Simgear	Version 2.0.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081997.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082017.html

Source: secalert@redhat.com

http://secunia.com/advisories/48780

Source: secalert@redhat.com

Vendor Advisory

http://sourceforge.net/mailarchive/message.php?msg_id=28957051

Source: secalert@redhat.com

http://sourceforge.net/mailarchive/message.php?msg_id=29012174

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/04/10/13

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=811617

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201603-12

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081997.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082017.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/48780

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://sourceforge.net/mailarchive/message.php?msg_id=28957051

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/mailarchive/message.php?msg_id=29012174

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/04/10/13

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=811617

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201603-12

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.