ID CVE-2012-3405
Summary The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2012:1098
  • rhsa
    id RHSA-2012:1200
rpms
  • glibc-0:2.12-1.80.el6_3.3
  • glibc-common-0:2.12-1.80.el6_3.3
  • glibc-debuginfo-0:2.12-1.80.el6_3.3
  • glibc-debuginfo-common-0:2.12-1.80.el6_3.3
  • glibc-devel-0:2.12-1.80.el6_3.3
  • glibc-headers-0:2.12-1.80.el6_3.3
  • glibc-static-0:2.12-1.80.el6_3.3
  • glibc-utils-0:2.12-1.80.el6_3.3
  • nscd-0:2.12-1.80.el6_3.3
  • rhev-hypervisor6-0:6.3-20120815.0.el6_3
refmap via4
confirm
gentoo GLSA-201503-04
mlist [oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities
ubuntu USN-1589-1
Last major update 22-04-2019 - 17:48
Published 10-02-2014 - 18:15
Last modified 22-04-2019 - 17:48
Back to Top