QwikSec

Security Database

CVE

CWE

Training

CVE-2012-6089

Published: Jan 4, 2013

Modified: Sep 17, 2024

PUBLISHED

Description

Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths

mailing-list

x_refsource_MLIST

[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=891577

x_refsource_CONFIRM

http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.