Your submission was sent successfully! Close

CVE-2012-2091

Published: 17 June 2012

Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx.

Priority

Medium

Status

Package Release Status
flightgear
Launchpad, Ubuntu, Debian
artful Not vulnerable

hardy Ignored
(reached end-of-life)
lucid Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring
Released (2.6.0-1ubuntu1)
saucy Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Needs triage

utopic Not vulnerable

vivid Does not exist

wily Not vulnerable

xenial Not vulnerable

yakkety Not vulnerable

zesty Not vulnerable

simgear
Launchpad, Ubuntu, Debian
artful Not vulnerable

hardy Ignored
(reached end-of-life)
lucid Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring
Released (2.6.0-3ubuntu1.1)
saucy Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Needs triage

utopic Not vulnerable

vivid Does not exist

wily Not vulnerable

xenial Not vulnerable

yakkety Not vulnerable

zesty Not vulnerable