Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-06-07 07:03
Updated : 2023-02-12 20:42
NVD link : CVE-2013-1929
Mitre link : CVE-2013-1929
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
linux
- linux_kernel