QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4409

Published: Nov 21, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2012-13599

vendor-advisory

x_refsource_FEDORA

FEDORA-2012-13657

vendor-advisory

x_refsource_FEDORA

http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html

x_refsource_MISC

FEDORA-2012-13656

vendor-advisory

x_refsource_FEDORA

[oss-security] 20120906 Re: CVE request - mcrypt buffer overflow flaw

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=855029

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.