Vulnerability in GNU glibc
CVE-2012-3404
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string…
EPSS: 0.006 (70.0th percentile)
Affected products
- GNU glibc: version 2.12
- Canonical Ubuntu Linux: versions 8.04, 10.04, 11.04
- Red Hat Enterprise Linux: version 6.0
- Red Hat Enterprise Virtualization: version 3.0
Weakness classification (CWE)
References
- RHSA-2012:1200 (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
- secalert@redhat.com (x_refsource_CONFIRM)
- GLSA-201503-04 (vendor-advisory, x_refsource_GENTOO)
- RHSA-2012:1098 (x_refsource_REDHAT, vendor-advisory)
- USN-1589-1 (x_refsource_UBUNTU, vendor-advisory)
- [oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities (mailing-list, x_refsource_MLIST)