DescriptionInteger signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
Note from the SUSE Security TeamNone of our shipped products contained the affected Intel SSSE3 optimized assembler memcpy code. SUSE Linux Enterprise 11 SP2 and openSUSE 12.1 will start to contain the new code and have been cross checked to be using the fixed code. SUSE Bugzilla entries: 1123874 [NEW], 706915 [RESOLVED / UPSTREAM], 990472 [RESOLVED / WONTFIX] No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVECVE page created: Tue Jul 9 19:12:53 2013
CVE page last modified: Mon Jun 26 11:17:35 2023