2.1 CVE-2011-2700

Exploit Buffer Overflow Patch

 

Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.
https://nvd.nist.gov/vuln/detail/CVE-2011-2700

Categories

CWE-120 : Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. The simplest type of error, and the most common cause of buffer overflows, is the "classic" case in which the program copies the buffer without restricting how much is copied. Other variants exist, but the existence of a classic overflow strongly suggests that the programmer is not considering even the most basic of security protections.

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* < 2.6.39.4

Exploits

id description date
No known exploits

CAPEC

id description severity
46 Overflow Variables and Tags
High
9 Buffer Overflow in Local Command-Line Utilities
High
47 Buffer Overflow via Parameter Expansion
High
24 Filter Failure through Buffer Overflow
High
8 Buffer Overflow in an API Call
High
100 Overflow Buffers
Very High
44 Overflow Binary Resource File
Very High
42 MIME Conversion
High
67 String Format Overflow in syslog()
Very High
45 Buffer Overflow via Symbolic Links
High
10 Buffer Overflow via Environment Variables
High
14 Client-side Injection-induced Buffer Overflow
High
92 Forced Integer Overflow
High

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution