CVE-2012-3420: Medium severity SGI Performance Co-pilot vulnerability
Florian Weimer of the Red Hat Product Security Team discovered two memory leaks in libpcp that can be abused by an unauthenticated remote attacker to crash pmcd (the PCP (Performance Co-Pilot) performance metrics collector daemon) or to consume enough memory to trigger the OOM killer, which may have impact on other processes.
Other sources
Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the pmGetPDU function in libpcp/src/pdu.c.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2012-3420?
CVE-2012-3420 is considered to have a high severity due to its potential to cause denial of service through memory leaks.
How do I fix CVE-2012-3420?
To fix CVE-2012-3420, upgrade to Performance Co-Pilot version 3.6.5 or later.
What are the potential impacts of CVE-2012-3420?
The potential impacts of CVE-2012-3420 include memory consumption and daemon crashes, leading to denial of service.
Which versions of Performance Co-Pilot are affected by CVE-2012-3420?
CVE-2012-3420 affects Performance Co-Pilot versions up to 3.6.4 and specific earlier versions such as 2.1.1 through 2.2.
Who can exploit CVE-2012-3420?
Remote attackers can exploit CVE-2012-3420 by sending a large number of crafted PDUs to the vulnerable Performance Co-Pilot daemon.