CVE-2012-2675 - Numeric Errors vulnerability in Nedprod Nedmalloc 1.10
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: PARTIAL
- Availability impact: NONE
Summary
Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
- http://www.openwall.com/lists/oss-security/2012/06/05/1
- http://www.openwall.com/lists/oss-security/2012/06/07/13
- https://github.com/ned14/nedmalloc/blob/master/Readme.html
- https://github.com/ned14/nedmalloc/commit/1a759756639ab7543b650a10c2d77a0ffc7a2000
- https://github.com/ned14/nedmalloc/commit/2965eca30c408c13473c4146a9d47d547d288db1