Vulnerability in GNU glibc
CVE-2012-3406
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependen…
EPSS: 0.009 (75.6th percentile)
Affected products
- GNU glibc — versions 2.5, 2.12
- Canonical Ubuntu Linux — versions 8.04, 10.04, 11.04
- Red Hat Enterprise Linux — versions 5, 6.0
- Red Hat Enterprise Virtualization — versions 3.0
Weakness classification (CWE)
References
- RHSA-2012:1200 (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- RHSA-2012:1097 (x_refsource_REDHAT, vendor-advisory)
- GLSA-201503-04 (vendor-advisory, x_refsource_GENTOO)
- RHSA-2012:1098 (x_refsource_REDHAT, vendor-advisory)
- USN-1589-1 (x_refsource_UBUNTU, vendor-advisory)
- RHSA-2012:1185 (x_refsource_REDHAT, vendor-advisory)
- [oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities (mailing-list, x_refsource_MLIST)