CVE-2011-2702
CVE-2011-2702
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/20167unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://bugzilla.novell.com/show_bug.cgi?id=706915http://seclists.org/oss-sec/2011/q3/123http://seclists.org/oss-sec/2011/q3/153https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=a0ac24d98ace90d1ccba6a2f3e7d55600f2fdb6ehttp://www.eglibc.org/cgi-bin/viewvc.cgi/trunk/libc/ChangeLog?view=markup&pathrev=10032http://www.nodefense.org/eglibc.txthttp://www.osvdb.org/80718http://xorl.wordpress.com/2011/08/06/cve-2011-2702-eglibc-and-glibc-signedness-issue/