CVE-2012-3420

Name: CVE-2012-3420
Description: Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-2533-1
NVD severity: medium (attack range: remote)
Debian Bugs: 685476

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| pcp (PTS) | jessie | 3.9.10 | fixed |
| pcp | sid | 3.11.6 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| pcp | source | (unstable) | 3.6.5 | medium | | 685476 |
| pcp | source | squeeze | 3.3.3-squeeze2 | medium | DSA-2533-1 | |
