1
Candidate: CVE-2012-3418
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3418
6
libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers
7
to cause a denial of service and possibly execute arbitrary code via (1) a
8
PDU with the numcreds field value greater than the number of actual
9
elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte
10
number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids
11
value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors
12
to the __pmDecodeProfile function in p_profile.c; the (5) status number
13
value or (6) string number value to the __pmDecodeNameList function in
14
p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c;
15
(8) the name length field (namelen) to the DecodeNameReq function in
16
p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function
17
in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function
18
in p_instance.c; (11) the buflen field to the __pmDecodeText function in
19
p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in
20
p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the
21
__pmDecodeLogControl function in p_lcontrol.c, which triggers integer
22
overflows, heap-based buffer overflows, and/or buffer over-reads.
31
upstream_pcp: released (3.6.5)
33
lucid_pcp: ignored (reached end-of-life)
34
natty_pcp: ignored (reached end-of-life)
35
oneiric_pcp: ignored (reached end-of-life)
36
precise_pcp: ignored (reached end-of-life)
37
precise/esm_pcp: DNE (precise was needed)
38
quantal_pcp: ignored (reached end-of-life)
39
raring_pcp: ignored (reached end-of-life)
40
saucy_pcp: ignored (reached end-of-life)
41
trusty_pcp: not-affected
42
utopic_pcp: ignored (reached end-of-life)
43
vivid_pcp: ignored (reached end-of-life)
44
vivid/stable-phone-overlay_pcp: DNE
45
vivid/ubuntu-core_pcp: DNE
46
wily_pcp: ignored (reached end-of-life)
47
xenial_pcp: not-affected
48
yakkety_pcp: not-affected
49
zesty_pcp: not-affected
50
devel_pcp: not-affected