CVE-2012-3418

Summary

CVE	CVE-2012-3418
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-08-27 23:55:02 UTC
Updated	2026-04-29 01:13:23 UTC
Description	libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.

Risk And Classification

Primary CVSS: v2.0 5 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:P

Problem Types: CWE-189 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Sgi	Performance Co-pilot	2.1.1	All	All	All
Application	Sgi	Performance Co-pilot	2.1.10	All	All	All
Application	Sgi	Performance Co-pilot	2.1.11	All	All	All
Application	Sgi	Performance Co-pilot	2.1.2	All	All	All
Application	Sgi	Performance Co-pilot	2.1.3	All	All	All
Application	Sgi	Performance Co-pilot	2.1.4	All	All	All
Application	Sgi	Performance Co-pilot	2.1.5	All	All	All
Application	Sgi	Performance Co-pilot	2.1.6	All	All	All
Application	Sgi	Performance Co-pilot	2.1.7	All	All	All
Application	Sgi	Performance Co-pilot	2.1.8	All	All	All
Application	Sgi	Performance Co-pilot	2.1.9	All	All	All
Application	Sgi	Performance Co-pilot	2.2	All	All	All
Application	Sgi	Performance Co-pilot	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Invalid URL	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
840920 – pmcd (and others) heap-based buffer overflow in __pmDecodeNameList	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
hermes.opensuse.org/messages/15540172	af854a3a-2127-422b-91ae-364da2661108	hermes.opensuse.org
Debian -- Security Information -- DSA-2533-1 pcp	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
Invalid URL	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
841159 – __pmDecodeResult multiple vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
Invalid URL	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
[security-announce] SUSE-SU-2013:0190-1: important: Security update for	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
hermes.opensuse.org/messages/15540133	af854a3a-2127-422b-91ae-364da2661108	hermes.opensuse.org
oss.sgi.com Git - pcp/pcp.git/blob - CHANGELOG	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
841249 – __pmDecodeText heap overflow	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
Invalid URL	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
Bug Access Denied	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
Invalid URL	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
841284 – __pmDecodeInstance vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
[SECURITY] Fedora 17 Update: pcp-3.6.5-1.fc17	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
Invalid URL	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
841183 – Missing namelen check in __pmDecodeFetch	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
841180 – DecodeNameReq buffer overflow	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
[SECURITY] Fedora 16 Update: pcp-3.6.5-1.fc16	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
Invalid URL	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
840822 – Crash in __pmDecodeCreds decoding crafted PDUs	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
841112 – __pmDecodeIDList lacks check against PDU size	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
Invalid URL	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
oss-security - pcp: Multiple security flaws	af854a3a-2127-422b-91ae-364da2661108	www.openwall.com
Invalid URL	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
hermes.opensuse.org/messages/15471040	af854a3a-2127-422b-91ae-364da2661108	hermes.opensuse.org
841240 – __pmDecodeInstanceReq heap buffer overflow	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
841698 – (CVE-2012-3418) CVE-2012-3418 pcp: multiple integer and heap-based buffer overflow flaws	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
Invalid URL	af854a3a-2127-422b-91ae-364da2661108	oss.sgi.com
oss.sgi.com Git - pcp/pcp.git/blob - CHANGELOG	MITRE	oss.sgi.com
Invalid URL	MITRE	oss.sgi.com
Invalid URL	MITRE	oss.sgi.com
Invalid URL	MITRE	oss.sgi.com
Invalid URL	MITRE	oss.sgi.com
Invalid URL	MITRE	oss.sgi.com
Invalid URL	MITRE	oss.sgi.com
Invalid URL	MITRE	oss.sgi.com
Invalid URL	MITRE	oss.sgi.com
Invalid URL	MITRE	oss.sgi.com
Invalid URL	MITRE	oss.sgi.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.