CVE

CVE-2012-3405
Date: (C)2014-02-11   (M)2023-12-22


The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
GLSA-201503-04
RHSA-2012:1098
RHSA-2012:1200
USN-1589-1
http://www.openwall.com/lists/oss-security/2012/07/11/17
https://bugzilla.redhat.com/show_bug.cgi?id=833704
https://sourceware.org/bugzilla/show_bug.cgi?id=13446

CPE    7
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
cpe:/a:redhat:enterprise_virtualization:3.0
...
CWE    1
CWE-189
OVAL    7
oval:org.secpod.oval:def:104064
oval:org.secpod.oval:def:1601319
oval:org.secpod.oval:def:701022
oval:org.secpod.oval:def:202402
...

© SecPod Technologies