CVE-2013-4332

Published: Oct 9, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.

Affected (28)

Products: Gnu: Glibc · Redhat: Enterprise Linux

1 product

1 product

Enterprise Linux

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Gnu Glibc	Up to 2.18
Gnu Glibc	Version 2.0.1
Gnu Glibc	Version 2.0.2
Gnu Glibc	Version 2.0.3
Gnu Glibc	Version 2.0.4
Gnu Glibc	Version 2.0.5
Gnu Glibc	Version 2.0.6
Gnu Glibc	Version 2.0
Gnu Glibc	Version 2.1.1.6
Gnu Glibc	Version 2.1.1
Gnu Glibc	Version 2.1.2
Gnu Glibc	Version 2.1.3
Gnu Glibc	Version 2.1.9
Gnu Glibc	Version 2.10.1
Gnu Glibc	Version 2.11.1
Gnu Glibc	Version 2.11.2
Gnu Glibc	Version 2.11.3
Gnu Glibc	Version 2.11
Gnu Glibc	Version 2.12.1
Gnu Glibc	Version 2.12.2
Gnu Glibc	Version 2.13
Gnu Glibc	Version 2.14.1
Gnu Glibc	Version 2.14
Gnu Glibc	Version 2.15
Gnu Glibc	Version 2.16
Gnu Glibc	Version 2.17
Gnu Glibc	Version 2.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 5

Related CWEs

References (26)

http://rhn.redhat.com/errata/RHSA-2013-1411.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1605.html

Source: secalert@redhat.com

http://secunia.com/advisories/55113

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:283

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:284

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/09/12/6

Source: secalert@redhat.com

Patch

http://www.securityfocus.com/bid/62324

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1991-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201503-04

Source: secalert@redhat.com

https://sourceware.org/bugzilla/show_bug.cgi?id=15855

Source: secalert@redhat.com

Exploit

https://sourceware.org/bugzilla/show_bug.cgi?id=15856

Source: secalert@redhat.com

https://sourceware.org/bugzilla/show_bug.cgi?id=15857

Source: secalert@redhat.com

Exploit

http://rhn.redhat.com/errata/RHSA-2013-1411.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-1605.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/55113

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2013:283

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2013:284

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/09/12/6

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/62324

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1991-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201503-04

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceware.org/bugzilla/show_bug.cgi?id=15855

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://sourceware.org/bugzilla/show_bug.cgi?id=15856

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceware.org/bugzilla/show_bug.cgi?id=15857

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.