PT-2012-6329 · Pcp+1 · Performance Co-Pilot+1

Florian Weimer +1 · Published 1970-01-01 · Updated 2013-02-07 · CVE-2012-3420

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Performance Co-Pilot (PCP) versions prior to 3.6.5

Description

The issue involves multiple memory leaks that can be exploited by remote attackers to cause a denial of service, either by consuming excessive memory or crashing the daemon. This can be achieved by sending a large number of PDUs with a crafted context number to the DoFetch function in pmcd/src/dofetch.c or a negative type value to the pmGetPDU function in libpcp/src/pdu.c. The vulnerability can be exploited remotely, potentially leading to a disruption in the availability of protected information.

Recommendations

For Performance Co-Pilot (PCP) versions prior to 3.6.5, update to version 3.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the DoFetch function and the pmGetPDU function to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-03711
BDU:2015-04394
BDU:2015-04395
BDU:2015-04396
BDU:2015-04397
BDU:2015-04398
BDU:2015-04399
BDU:2015-04400
BDU:2015-04401
CVE-2012-3420
DSA-2533-1
OPENSUSE-SU-2024:10165-1

Affected Products

Performance Co-Pilot
Suse