Vulnerability Name: CCN-10553
Published: 2002-08-05
Updated: 2002-08-05
Summary: Multiple C, C++, and Ada run-time libraries and language-specific allocators are vulnerable to an integer overflow in the calloc function and possibly other memory allocation functions. This occurs when the size of memory required for a buffer is computed incorrectly, so that calloc returns a buffer that is too small instead of reporting a programming error. Applications developed with these libraries could therefore be vulnerable to multiple local and remote buffer overflows.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Vulnerability Consequences: Other
References:
Source: CCN Type: RUS-CERT Advisory 2002-08:02 Flaw in calloc and similar routines
Source: CCN Type: Conectiva Linux Announcement CLSA-2002:535 Fix for several vulnerabilities and daylight saving time for Brazil
Source: CCN Type: BID-7249 Multiple HP Tru64 C Library Vulnerabilities
Source: XF Type: UNKNOWN calloc-memory-size-overflow(10553)
Vulnerable Configuration: Configuration CCN 1: