Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-3405

Опубликовано: 10 фев. 2014
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 70%
0.00666
Низкий

5 Medium

CVSS2

Дефекты

CWE-189

Связанные уязвимости

ubuntu логотип

CVE-2012-3405

ubuntu
больше 11 лет назад

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

redhat логотип

CVE-2012-3405

redhat
около 13 лет назад

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

debian логотип

CVE-2012-3405

debian
больше 11 лет назад

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...

github логотип

GHSA-fwxh-prpx-6qg8

github
больше 3 лет назад

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

oracle-oval логотип

ELSA-2012-1098

oracle-oval
около 13 лет назад

ELSA-2012-1098: glibc security and bug fix update (MODERATE)

EPSS

Процентиль: 70%
0.00666
Низкий

5 Medium

CVSS2

Дефекты

CWE-189