
Bug 484646 (CVE-2013-4332)

Summary: <sys-libs/glibc-2.19-r1: Three integer overflows in glibc memory allocator (CVE-2013-4332)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: toolchain, ulenrich
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2013/09/11/2
Whiteboard: A2 [glsa cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 518364    
Bug Blocks:    

Description Agostino Sarubbo gentoo-dev 2013-09-12 05:11:26 UTC
From ${URL} :

I recently discovered three integer overflow issues in the glibc
memory allocator functions pvalloc, valloc and
posix_memalign/memalign/aligned_alloc. These issues cause a large
allocation size to wrap around and cause a wrong sized allocation and
heap corruption. The issues are fixed in glibc mainline.

The relevant glibc bugzilla entries are here:

https://sourceware.org/bugzilla/show_bug.cgi?id=15855
https://sourceware.org/bugzilla/show_bug.cgi?id=15856
https://sourceware.org/bugzilla/show_bug.cgi?id=15857


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
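
The wrap-around described in the quoted advisory, shown as an added example that is not part of this bug report and is not glibc's code. `PAGE_SZ`, `OVERHEAD`, `REQ_TOO_BIG` and the function names are hypothetical stand-ins; the sketch only models the size arithmetic of page rounding (pvalloc/valloc style) and alignment padding (memalign style), unchecked beside checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration only; not taken from glibc. */
#define PAGE_SZ     ((size_t)4096)
#define OVERHEAD    ((size_t)32)    /* stand-in for allocator bookkeeping */
#define REQ_TOO_BIG SIZE_MAX        /* sentinel: request must be refused */

/* Unchecked page rounding, as a page-aligned allocator needs.
 * For n near SIZE_MAX the addition wraps modulo SIZE_MAX + 1. */
size_t page_round_unchecked(size_t n)
{
    return (n + PAGE_SZ - 1) & ~(PAGE_SZ - 1);
}

/* Unchecked over-allocation so an aligned block can be carved out. */
size_t align_pad_unchecked(size_t n, size_t alignment)
{
    return n + alignment + OVERHEAD;
}

/* Checked variants: compare against SIZE_MAX minus the padding before
 * adding, so the test itself cannot wrap. */
size_t page_round_checked(size_t n)
{
    if (n >= SIZE_MAX - PAGE_SZ - OVERHEAD)
        return REQ_TOO_BIG;         /* caller fails with ENOMEM */
    return (n + PAGE_SZ - 1) & ~(PAGE_SZ - 1);
}

size_t align_pad_checked(size_t n, size_t alignment)
{
    if (alignment >= SIZE_MAX - OVERHEAD ||
        n >= SIZE_MAX - OVERHEAD - alignment)
        return REQ_TOO_BIG;
    return n + alignment + OVERHEAD;
}

int main(void)
{
    size_t huge = SIZE_MAX - 50;    /* constructed oversized request */
    printf("unchecked page round: %zu bytes\n", page_round_unchecked(huge));
    printf("unchecked align pad:  %zu bytes\n", align_pad_unchecked(huge, 64));
    printf("checked page round refused: %d\n",
           page_round_checked(huge) == REQ_TOO_BIG);
    printf("checked align pad refused:  %d\n",
           align_pad_checked(huge, 64) == REQ_TOO_BIG);
    printf("checked page round(5000):   %zu\n", page_round_checked(5000));
    return 0;
}
```

With the constructed request of `SIZE_MAX - 50` bytes, the unchecked page rounding yields 0 and the unchecked padding yields 45, so an allocator serving those sizes would return a block far smaller than the caller believes it has.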
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2013-10-03 04:28:45 UTC
Number 1:
https://sourceware.org/bugzilla/show_bug.cgi?id=15855

FIX:
Fixed in commit 1159a193696ad48ec86e5895f6dee3e539619c0e.

Number 2:
https://sourceware.org/bugzilla/show_bug.cgi?id=15856

Fix:
Fixed in commit 55e17aadc1ef17a1df9626fb0e9fba290ece3331.


Number 3:
https://sourceware.org/bugzilla/show_bug.cgi?id=15857

Fix:
Fixed in commit b73ed247781d533628b681f57257dc85882645d3.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-10-15 03:18:35 UTC
CVE-2013-4332 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4332):
  Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka
  glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause
  a denial of service (heap corruption) via a large value to the (1) pvalloc,
  (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc
  functions.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2013-12-16 13:21:18 UTC
*** Bug 494444 has been marked as a duplicate of this bug. ***
Comment 4 Ulenrich 2013-12-30 13:16:32 UTC
My duplicate with the sampled patches from Debian~unstable source
https://bugs.gentoo.org/show_bug.cgi?id=494444

has not only "Check for overflow."
but also a patch to "stack_chk_guard"
and a Debian proposal to not crash when a locale doesn't exist.
Comment 5 Steev Klimaszewski (RETIRED) gentoo-dev 2014-01-05 00:54:02 UTC
Shouldn't this bug block the stabilization of glibc 2.17?
Comment 6 SpanKY gentoo-dev 2014-02-18 19:23:58 UTC
I've cherry-picked this into the glibc-2.18 patchset
Comment 7 Yury German Gentoo Infrastructure gentoo-dev 2015-03-03 03:43:39 UTC
Maintainer(s), please drop the vulnerable version(s).

Added to an existing GLSA Request.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2015-03-08 14:54:11 UTC
This issue was resolved and addressed in
 GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).