CVE-2012-5667

Description

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.

How to fix CVE-2012-5667

To remediate CVE-2012-5667, upgrade the affected package to a fixed version below.

• Debian/grep—upgrade to 2.11-1 or later

Is CVE-2012-5667 being exploited?

Low — EPSS is 2.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.11-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-5667