Unrated severity · NVD Advisory · Published Nov 21, 2012 · Updated Jun 16, 2026
CVE-2012-4409
Description
Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.
Affected products
- cpe:2.3:a:mcrypt:mcrypt:*:*:*:*:*:*:*:* (range: <=2.6.8)
- cpe:2.3:a:mcrypt:mcrypt:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mcrypt:mcrypt:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:mcrypt:mcrypt:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:mcrypt:mcrypt:2.6.7:*:*:*:*:*:*:*
- (no CPE) (range: <=2.6.8)
References
- packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html (nvd, Exploit)
- secunia.com/advisories/50507 (nvd, Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2012-September/086519.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2012-September/087542.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2012-September/088281.html (nvd)
- secunia.com/advisories/51010 (nvd)
- www.openwall.com/lists/oss-security/2012/09/06/4 (nvd)
- www.securitytracker.com/id (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)