NVD Vulnerability Detail

CVE-2011-5320

Summary	scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.
Publication Date	Oct. 18, 2017, 11:29 p.m.
Registration Date	Jan. 28, 2021, 4:40 p.m.
Last Update	Nov. 21, 2024, 10:34 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:gnu:glibc::::::::			2.14.1

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2015/03/12/14	Third Party Advisory
2	https://bugzilla.redhat.com/show_bug.cgi?id=1196745	Third Party Advisory
3	https://marc.info/?l=gimp-developer&m=129567990905823&w=2	Exploit
4	https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4	Issue Tracking
5	https://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=20b38e0
6	https://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=3f8cc204fdd0
7	http://www.openwall.com/lists/oss-security/2015/03/12/14	Third Party Advisory
8	https://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=3f8cc204fdd0
9	https://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=20b38e0
10	https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4	Issue Tracking
11	https://marc.info/?l=gimp-developer&m=129567990905823&w=2	Exploit
12	https://bugzilla.redhat.com/show_bug.cgi?id=1196745	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

glibc におけるバッファエラーの脆弱性

Title	glibc におけるバッファエラーの脆弱性
Summary	glibc には、バッファエラーの脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 10, 2011, midnight
Registration Date	Nov. 15, 2017, 11:04 a.m.
Last Update	Nov. 15, 2017, 11:04 a.m.

Affected System

GNU Project

GNU C Library 2.15 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-5320	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5320
National Vulnerability Database (NVD)
2	CVE-2011-5320	https://nvd.nist.gov/vuln/detail/CVE-2011-5320

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Red Hat Bugzilla
1	Bug 1196745	https://bugzilla.redhat.com/show_bug.cgi?id=1196745
Sourceware Bugzilla
2	Bug 13138	https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4
sourceware.org
3	Fix boundary conditions in scanf	https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
4	sscanf always calls realloc	https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0

Change Log

No	Changed Details	Date of change
0	[2017年11月15日] 掲載	Feb. 17, 2018, 10:37 a.m.