CVE-2012-3418

libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.

公开: 2012-08-27 最后更新: 2026-06-16 分配方: [email protected] 来源: [email protected]

结论预警: CVE-2012-3418 综合评估为中等风险(54.4/100):CVSS 技术影响为中级,利用概率偏高(EPSS 5.75%,百分位 92%) 核心证据: EPSS 显示该漏洞近期被利用的可能性处于高位。 近一日 EPSS 上升 +2.17%,被利用关注度持续升高。 强制指令: 被利用概率偏高—请排查暴露面并优先安排修补。

风险随态势动态变化;本站持续评估并同步更新本页展示内容。

CVE-2012-3418 的 EPSS(利用预测评分)

EPSS 日更估计相对被利用可能性;百分位表示该 CVE 在已评分漏洞中的相对排名(越高表示相对更严重)。

# 日期 旧 EPSS 分数 新 EPSS 分数 变化(新 − 旧)
1 2026-06-15 3.58% 5.75% +2.17%
2 2026-03-21 4.78% 3.58% -1.20%
3 2026-02-26 4.78%

完整 EPSS 历史 (共 16 条)

CVE-2012-3418 的 CVSS 指标

该 CVE 的 CVSS 指标。

底座分 版本 严重度 向量 可利用性 影响 分数来源
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P 点击展开
访问路径 (AV:N)
只要路由可达,即可从远端发起利用。
访问复杂度 (AC:L)
步骤短、路径清晰,复现成本低。
认证 (AU:N)
全程无需有效身份。
机密性影响 (C:N)
对机密性无影响。
完整性影响 (I:N)
对完整性无影响。
可用性影响 (A:P)
可用性受到部分损害。
10.0 2.9 [email protected]

CVE-2012-3418 的弱点枚举

CVE-2012-3418 的 OS 跟踪

vendor priority summary link
debian not yet assigned CVE-2012-3418 not yet assigned priority: Debian including 1 source packages (pcp), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2012-3418
suse medium CVE-2012-3418 severity moderate: SUSE including 260 source package names (libpcp-devel-3.10.4-1.23, libpcp-devel-3.11.9-3.116, …), 306 product×package rows across 16 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Module for Development Tools 15, … (16 product lines)): Fixed 306. https://www.suse.com/security/cve/CVE-2012-3418/
ubuntu medium CVE-2012-3418 medium priority: Ubuntu including 1 source packages (pcp), 16 status rows across 16 suites (hardy, lucid, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): ignored 10, not-affected 3, DNE 2, released 1. https://ubuntu.com/security/CVE-2012-3418

CVE-2012-3418 的影响软件 / 配置

厂商 产品 版本 原始 CPE
sgi performance_co-pilot <= 3.6.4 cpe:2.3:a:sgi:performance_co-pilot:*:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.1 cpe:2.3:a:sgi:performance_co-pilot:2.1.1:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.2 cpe:2.3:a:sgi:performance_co-pilot:2.1.2:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.3 cpe:2.3:a:sgi:performance_co-pilot:2.1.3:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.4 cpe:2.3:a:sgi:performance_co-pilot:2.1.4:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.5 cpe:2.3:a:sgi:performance_co-pilot:2.1.5:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.6 cpe:2.3:a:sgi:performance_co-pilot:2.1.6:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.7 cpe:2.3:a:sgi:performance_co-pilot:2.1.7:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.8 cpe:2.3:a:sgi:performance_co-pilot:2.1.8:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.9 cpe:2.3:a:sgi:performance_co-pilot:2.1.9:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.10 cpe:2.3:a:sgi:performance_co-pilot:2.1.10:*:*:*:*:*:*:*
sgi performance_co-pilot 2.1.11 cpe:2.3:a:sgi:performance_co-pilot:2.1.11:*:*:*:*:*:*:*
sgi performance_co-pilot 2.2 cpe:2.3:a:sgi:performance_co-pilot:2.2:*:*:*:*:*:*:*

CVE-2012-3418 的参考链接

URL 标签
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5
http://www.debian.org/security/2012/dsa-2533
http://www.openwall.com/lists/oss-security/2012/08/16/1
https://bugzilla.redhat.com/show_bug.cgi?id=840822
https://bugzilla.redhat.com/show_bug.cgi?id=840920
https://bugzilla.redhat.com/show_bug.cgi?id=841112
https://bugzilla.redhat.com/show_bug.cgi?id=841126
https://bugzilla.redhat.com/show_bug.cgi?id=841159
https://bugzilla.redhat.com/show_bug.cgi?id=841180
https://bugzilla.redhat.com/show_bug.cgi?id=841183
https://bugzilla.redhat.com/show_bug.cgi?id=841240
https://bugzilla.redhat.com/show_bug.cgi?id=841249
https://bugzilla.redhat.com/show_bug.cgi?id=841284
https://bugzilla.redhat.com/show_bug.cgi?id=841698
https://hermes.opensuse.org/messages/15471040
https://hermes.opensuse.org/messages/15540133
https://hermes.opensuse.org/messages/15540172
cvelogic Threat Intelligence