CVE-2013-4332
Description
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflows in glibc memory allocator functions could cause heap corruption leading to denial of service or arbitrary code execution.
Vulnerability
Multiple integer overflow flaws exist in the memory allocator functions pvalloc, valloc, posix_memalign, memalign, and aligned_alloc within the GNU C Library (glibc) version 2.18 and earlier [1][4]. When a large allocation size is passed to any of these functions, the size wraps around, causing an undersized allocation and subsequent heap corruption [4].
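As an added illustration (not code from this page or from glibc), the following C snippet shows the unsigned size arithmetic that wraps in the affected alignment path and an up-front overflow check of the kind the upstream fix introduced; CHUNK_OVERHEAD is an assumed stand-in for glibc's internal per-chunk overhead, and the sample request sizes are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed stand-in for glibc's per-chunk overhead (MINSIZE); the real value is
   architecture-dependent.  Only its role in the arithmetic matters here. */
#define CHUNK_OVERHEAD ((size_t)32)

/* True when padding `bytes` for `alignment` plus the chunk overhead exceeds
   SIZE_MAX.  The comparison is rearranged so that the check itself cannot wrap. */
bool memalign_size_would_wrap(size_t alignment, size_t bytes)
{
    if (alignment > SIZE_MAX - CHUNK_OVERHEAD)
        return true;
    return bytes > SIZE_MAX - alignment - CHUNK_OVERHEAD;
}

/* The unchecked computation: unsigned arithmetic wraps silently, so a huge
   request turns into a tiny padded size and an undersized chunk. */
size_t naive_padded_size(size_t alignment, size_t bytes)
{
    return bytes + alignment + CHUNK_OVERHEAD;
}

/* Hardened wrapper: reject wrapping requests with ENOMEM before the allocator
   ever sees them, then defer to posix_memalign for the normal case. */
void *checked_memalign(size_t alignment, size_t bytes)
{
    void *p = NULL;
    if (memalign_size_would_wrap(alignment, bytes)) {
        errno = ENOMEM;
        return NULL;
    }
    if (posix_memalign(&p, alignment, bytes) != 0)
        return NULL;
    return p;
}

int main(void)
{
    size_t huge = SIZE_MAX - 8;   /* constructed oversized request */
    printf("naive padded size for SIZE_MAX-8: %zu (wrapped)\n",
           naive_padded_size(16, huge));
    printf("checked_memalign(16, SIZE_MAX-8) -> %p\n", checked_memalign(16, huge));
    return 0;
}
```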
Exploitation
An attacker can exploit these flaws by providing a large size value to a vulnerable application that calls any of the affected functions. No special privileges are required; the attacker only needs the ability to supply a large size argument. The integer overflow leads to heap corruption, which may manifest as a crash or potentially be leveraged for code execution [1].
Impact
Successful exploitation results in heap corruption. The primary impact is denial of service due to application crash. In some cases, an attacker could achieve arbitrary code execution with the privileges of the user running the application [1].
Mitigation
Red Hat Enterprise Linux 6 systems should apply the updated glibc package provided in RHSA-2013-1605, which backports the upstream fixes [1]. Ubuntu systems were updated via USN-1991-1 [3]. Upstream patches are available in the glibc source repository [4]. Users are advised to update their glibc installations as soon as possible.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* (range: <=2.18)
- cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.openwall.com/lists/oss-security/2013/09/12/6 [nvd: Patch]
- sourceware.org/bugzilla/show_bug.cgi [nvd: Exploit]
- sourceware.org/bugzilla/show_bug.cgi [nvd: Exploit]
- rhn.redhat.com/errata/RHSA-2013-1411.html [nvd]
- rhn.redhat.com/errata/RHSA-2013-1605.html [nvd]
- secunia.com/advisories/55113 [nvd]
- www.mandriva.com/security/advisories [nvd]
- www.mandriva.com/security/advisories [nvd]
- www.securityfocus.com/bid/62324 [nvd]
- www.ubuntu.com/usn/USN-1991-1 [nvd]
- bugzilla.redhat.com/show_bug.cgi [nvd]
- security.gentoo.org/glsa/201503-04 [nvd]
- sourceware.org/bugzilla/show_bug.cgi [nvd]
News mentions
No linked articles in our index yet.