CVE-2012-2091 - Vulnerability Details - OpenCVE

Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Flightgear	Flightgear
Simgear	Simgear

Configuration 1 [-]

OR	cpe:2.3:a:flightgear:flightgear::::::::
	cpe:2.3:a:flightgear:flightgear:1.9.1:::::::*
	cpe:2.3:a:flightgear:flightgear:2.0.0:::::::*
	cpe:2.3:a:simgear:simgear::::::::
	cpe:2.3:a:simgear:simgear:1.9.1:::::::*
	cpe:2.3:a:simgear:simgear:2.0.0:::::::*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081997.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082017.html
http://secunia.com/advisories/48780
http://sourceforge.net/mailarchive/message.php?msg_id=28957051
http://sourceforge.net/mailarchive/message.php?msg_id=29012174
http://www.openwall.com/lists/oss-security/2012/04/10/13
https://bugzilla.redhat.com/show_bug.cgi?id=811617
https://security.gentoo.org/glsa/201603-12

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-17T01:00:00

Updated: 2024-08-06T19:26:07.238Z

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2091

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-06-17T03:41:40.607

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-2091

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-01T15:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "48780", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48780"}, {"name": "FEDORA-2012-8615", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082017.html"}, {"name": "[oss-security] 20120410 Re: CVE Request: FlightGear and Simgear Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/10/13"}, {"name": "FEDORA-2012-8650", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=811617"}, {"name": "GLSA-201603-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-12"}, {"name": "[Flightgear-devel] 20120320 Re: Flightgear and Simgear multiple format string vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29012174"}, {"name": "FEDORA-2012-8647", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081997.html"}, {"name": "[Flightgear-devel] 20120309 Flightgear and Simgear multiple format string vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=28957051"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:07.238Z"}, "title": "CVE Program Container", "references": [{"name": "48780", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48780"}, {"name": "FEDORA-2012-8615", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082017.html"}, {"name": "[oss-security] 20120410 Re: CVE Request: FlightGear and Simgear Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/10/13"}, {"name": "FEDORA-2012-8650", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=811617"}, {"name": "GLSA-201603-12", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-12"}, {"name": "[Flightgear-devel] 20120320 Re: Flightgear and Simgear multiple format string vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29012174"}, {"name": "FEDORA-2012-8647", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081997.html"}, {"name": "[Flightgear-devel] 20120309 Flightgear and Simgear multiple format string vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=28957051"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2091", "datePublished": "2012-06-17T01:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:07.238Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flightgear:flightgear:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC81BE3E-813A-4348-B845-35BBA02ABBCD", "versionEndIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightgear:flightgear:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2A22029-37C3-4E48-A0B7-BF8A317F7EA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightgear:flightgear:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F778F4A4-4994-4C93-BA5E-6A1C5BDA354C", "vulnerable": true}, {"criteria": "cpe:2.3:a:simgear:simgear:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5A0A5E8-7606-49C4-A294-FB258F8C0643", "versionEndIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:simgear:simgear:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "703223A4-4C9A-4359-A950-C395CD53BE97", "vulnerable": true}, {"criteria": "cpe:2.3:a:simgear:simgear:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F3A247B-969D-484E-8BEC-1A42F600839E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en FlightGear v2.6 y versiones anteriores y SimGear v2.6 y versiones anteriores, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente permite ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1)una cadena larga en una etiqueta del rotor de un modelo de aeronave en xml para la funci\u00f3n Rotor::getValueforFGSet en src/FDM/YASim/Rotor.cpp o (2) un paquete UDP modificado para la funci\u00f3n en SGSocketUDP::read en simGear/simGear/simGear/io/sg_socket_udp.cxx."}], "id": "CVE-2012-2091", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-06-17T03:41:40.607", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081997.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082017.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48780"}, {"source": "secalert@redhat.com", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=28957051"}, {"source": "secalert@redhat.com", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29012174"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/10/13"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=811617"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081997.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=28957051"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29012174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/10/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=811617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-12"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}