Fluid Attacks Database

Description

The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	pcp	>=0 <3.6.5	3.6.5
debian 13	pcp	>=0 <3.6.5	3.6.5
debian 12	pcp	>=0 <3.6.5	3.6.5
debian 14	pcp	>=0 <3.6.5	3.6.5

Aliases

1. CVE-2012-34212. NVD-2012-34213. OSV-DEBIAN-2012-34214. OSV-2012-34215. SECURITY-TRACKER-CVE-2012-3421

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.