Fluid Attacks Database

Description

Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	pcp	>=0 <3.6.5	3.6.5
debian 13	pcp	>=0 <3.6.5	3.6.5
debian 12	pcp	>=0 <3.6.5	3.6.5
debian 14	pcp	>=0 <3.6.5	3.6.5

Aliases

1. CVE-2012-34202. NVD-2012-34203. OSV-DEBIAN-2012-34204. OSV-2012-34205. SECURITY-TRACKER-CVE-2012-3420

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.