6.8
CVE-2012-3406
- EPSS 0.87%
- Published 10.02.2014 18:15:10
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Enterprise Virtualization Version3.0
Canonical ≫ Ubuntu Linux Version8.04 Update- Editionlts
Canonical ≫ Ubuntu Linux Version10.04 Update- Editionlts
Canonical ≫ Ubuntu Linux Version11.04
Canonical ≫ Ubuntu Linux Version11.10
Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts
Redhat ≫ Enterprise Linux Version5
Redhat ≫ Enterprise Linux Version6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.87% | 0.745 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|