Memory Allocation Flaw in FreeBSD and NetBSD by jemalloc
CVE-2007-6754

Currently unrated

Key Information:

Vendor: FreeBSD
Status: FreeBSD; Netbsd
Vendor: CVE Published:; 25 July 2012

What is CVE-2007-6754?

The jemalloc memory allocator in FreeBSD 6.4 and NetBSD contains a flaw in the ipalloc function of libc/stdlib/malloc.c that fails to allocate memory correctly. This vulnerability can be exploited by context-dependent attackers who provide large size values. Such exploitation could lead to memory-related attacks, particularly buffer overflows, presenting significant security risks due to improper handling of integer rounding and overflow errors.

References

http://svnweb.freebsd.org/base?view=revision&revision=167872

x_refsource_CONFIRM

http://kqueue.org/blog/2012/03/05/memory-allocator-securi...

x_refsource_MISC

Timeline

Vulnerability published
Jul 25, 2012
Vulnerability Reserved
Jul 25, 2012