6.8
CVE-2012-3406
- EPSS 3.16%
- Veröffentlicht 10.02.2014 18:15:10
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Virtualization Version3.0
Canonical ≫ Ubuntu Linux Version8.04 Update- Editionlts
Canonical ≫ Ubuntu Linux Version10.04 Update- Editionlts
Canonical ≫ Ubuntu Linux Version11.04
Canonical ≫ Ubuntu Linux Version11.10
Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts
Redhat ≫ Enterprise Linux Version5
Redhat ≫ Enterprise Linux Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.16% | 0.863 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://www.ubuntu.com/usn/USN-1589-1
https://security.gentoo.org/glsa/201503-04
http://rhn.redhat.com/errata/RHSA-2012-1098.html
http://rhn.redhat.com/errata/RHSA-2012-1200.html
http://www.openwall.com/lists/oss-security/2012/07/11/17
http://rhn.redhat.com/errata/RHSA-2012-1097.html
http://rhn.redhat.com/errata/RHSA-2012-1185.html
https://bugzilla.redhat.com/attachment.cgi?id=594722
https://bugzilla.redhat.com/show_bug.cgi?id=826943