PT-2012-1264 · FreeBSD Project/The NetBSD Foundation+3 · Libc+3

Published 2012-07-25 · Updated 2012-07-26 · CVE-2007-6754

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

jemalloc in libc for FreeBSD version 6.4
jemalloc in libc for NetBSD (affected versions not specified)

Description

The ipalloc function in libc/stdlib/malloc.c does not properly allocate memory, which makes it easier for attackers to perform memory-related attacks, such as buffer overflows, via a large size value. The flaw is related to "integer rounding and overflow" errors.

Recommendations

For jemalloc in libc for FreeBSD version 6.4, consider updating to a version that properly allocates memory to prevent memory-related attacks. For jemalloc in libc for NetBSD, there is currently no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2007-6754

Affected Products

FreeBSD
NetBSD
jemalloc
libc