Upstream information
Description
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 6.8 |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Note from the SUSE Security Team
None of our shipped products contained the affected Intel SSSE3 optimized assembler memcpy code. SUSE Linux Enterprise 11 SP2 and openSUSE 12.1 will start to contain the new code and have been cross checked to be using the fixed code. SUSE Bugzilla entries: 1123874 [NEW], 706915 [RESOLVED / UPSTREAM], 990472 [RESOLVED / WONTFIX] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Jul 9 19:12:53 2013CVE page last modified: Mon Jun 26 11:17:35 2023