Vulnerability Details CVE-2012-3368
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.4%
CVSS Severity
CVSS v2 Score 2.6
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
- http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
- http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
- https://bugzilla.redhat.com/show_bug.cgi?id=812551
- https://bugzilla.redhat.com/show_bug.cgi?id=835849
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
- http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
- http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
- https://bugzilla.redhat.com/show_bug.cgi?id=812551
- https://bugzilla.redhat.com/show_bug.cgi?id=835849