CVE-2012-2091
NONE EPSS 92.9%
Published Jun 17, 201214y ago · Modified Jun 16, 20262w ago
Published Jun 17, 2012 14y ago
Last Modified Jun 16, 2026 2w ago
Description
Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx.
Threat Intelligence
EPSS Exploit Probability
92.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
Affected Products 6
| Vendor | Product | Version | Range |
|---|---|---|---|
| flightgear | flightgear | * | ≤2.6.0 |
| flightgear | flightgear | 1.9.1 | any |
| flightgear | flightgear | 2.0.0 | any |
| simgear | simgear | * | ≤2.6.0 |
| simgear | simgear | 1.9.1 | any |
| simgear | simgear | 2.0.0 | any |
References 9
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081997.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082017.html
- secunia.com http://secunia.com/advisories/48780
- sourceforge.net http://sourceforge.net/mailarchive/message.php?msg_id=28957051
- sourceforge.net http://sourceforge.net/mailarchive/message.php?msg_id=29012174
- openwall.com http://www.openwall.com/lists/oss-security/2012/04/10/13
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=811617
- security.gentoo.org https://security.gentoo.org/glsa/201603-12
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.