CVE-2012-5667 - Numeric Errors vulnerability in GNU Grep

CVSS: 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
gnu
CWE-189
nessus
exploit available

Summary

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.

Exploit-Db

description: Grep < 2.11 Integer Overflow Crash PoC. CVE-2012-5667. DoS exploit for linux platform
id: EDB-ID:23779
last seen: 2016-02-02
modified: 2012-12-31
published: 2012-12-31
reporter: Joshua Rogers
source: https://www.exploit-db.com/download/23779/
title: Grep < 2.11 Integer Overflow Crash PoC

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-1447.NASL
    description: Updated grep packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84948
    published: 2015-07-23
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84948
    title: RHEL 6 : grep (RHSA-2015:1447)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2015-1447.NASL
    description: Updated grep packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85022
    published: 2015-07-28
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85022
    title: CentOS 6 : grep (CESA-2015:1447)
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL69662152.NASL
    description: Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. (CVE-2012-5667)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101094
    published: 2017-06-29
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101094
    title: F5 Networks BIG-IP : Grep vulnerability (K69662152)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2015-598.NASL
    description: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86076
    published: 2015-09-23
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/86076
    title: Amazon Linux AMI : grep (ALAS-2015-598)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-1447.NASL
    description: From Red Hat Security Advisory 2015:1447: Updated grep packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85108
    published: 2015-07-30
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85108
    title: Oracle Linux 6 : grep (ELSA-2015-1447)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201403-07.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201403-07 (grep: User-assisted execution of arbitrary code) An integer overflow flaw has been discovered in grep. Impact: An attacker could entice a user to run grep on a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73220
    published: 2014-03-27
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73220
    title: GLSA-201403-07 : grep: User-assisted execution of arbitrary code
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20150722_GREP_ON_SL6_X.NASL
    description: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the
    last seen: 2020-03-18
    modified: 2015-08-04
    plugin id: 85194
    published: 2015-08-04
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85194
    title: Scientific Linux Security Update : grep on SL6.x i386/x86_64 (20150722)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_GREP_20131015.NASL
    description: The remote Solaris system is missing necessary patches to address security updates: Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. (CVE-2012-5667)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80634
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80634
    title: Oracle Solaris Third-Party Patch Update : grep (cve_2012_5667_heap_buffer)

Packetstorm

data source: https://packetstormsecurity.com/files/download/119170/grep-overflow.txt
id: PACKETSTORM:119170
last seen: 2016-12-05
published: 2012-12-31
reporter: Joshua Rogers
source: https://packetstormsecurity.com/files/119170/Grep-Integer-Overflow.html
title: Grep Integer Overflow

Redhat

advisories
  rhsa
    id: RHSA-2015:1447
rpms
  • grep-0:2.20-3.el6
  • grep-debuginfo-0:2.20-3.el6

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:77529
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-77529
title: Grep < 2.11 Integer Overflow Crash PoC