#VU43215 Input validation error in grep - CVE-2012-5667

Cybersecurity Help s.r.o.

Published: 2013-01-03 | Updated: 2020-08-11

Vulnerability identifier: #VU43215

Vulnerability risk: Medium

CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2012-5667

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
grep
Other software / Other software solutions

Vendor: GNU

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.

Mitigation
Install update from vendor's website.

Vulnerable software versions

grep: 2.2 - 2.9

External links
https://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91
https://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
https://git.sv.gnu.org/gitweb/?p=grep.git;a=shortlog;h=v2.11
https://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
https://openwall.com/lists/oss-security/2012/12/22/6
https://rhn.redhat.com/errata/RHSA-2015-1447.html
https://www.securityfocus.com/bid/57033
https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
https://bugzilla.redhat.com/show_bug.cgi?id=889935

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Amazon Linux AMI update for grep

Gentoo update for grep

Input validation error in GNU grep