Unrated severityNVD Advisory· Published Oct 27, 2014· Updated May 6, 2026

CVE-2011-2702

Description

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.

Affected products

GNU/Eglibc
cpe:2.3:a:gnu:eglibc:*:*:*:*:*:*:*:*
Range: <=2.12
GNU/Glibc3 versions
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*range: <=2.12.2
- cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

xorl.wordpress.com/2011/08/06/cve-2011-2702-eglibc-and-glibc-signedness-issue/nvdExploit
seclists.org/oss-sec/2011/q3/123nvd
seclists.org/oss-sec/2011/q3/153nvd
www.eglibc.org/cgi-bin/viewvc.cgi/trunk/libc/ChangeLognvd
www.nodefense.org/eglibc.txtnvd
www.osvdb.org/80718nvd
bugzilla.novell.com/show_bug.cginvd
sourceware.org/git/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000