Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-3405

Опубликовано: 11 июл. 2012
Источник: redhat
CVSS2: 6.8

Описание

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

Отчет

This issue did not affect the version of glibc as shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5glibcNot affected
Red Hat Enterprise Linux 6glibcFixedRHSA-2012:109818.07.2012
RHEV 3.X Hypervisor and Agents for RHEL-6rhev-hypervisor6FixedRHSA-2012:120023.08.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=833704glibc: incorrect use of extend_alloca() in formatted printing can lead to FORTIFY_SOURCE format string protection bypass

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-3405

ubuntu
больше 11 лет назад

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

nvd логотип

CVE-2012-3405

nvd
больше 11 лет назад

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

debian логотип

CVE-2012-3405

debian
больше 11 лет назад

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...

github логотип

GHSA-fwxh-prpx-6qg8

github
больше 3 лет назад

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

oracle-oval логотип

ELSA-2012-1098

oracle-oval
около 13 лет назад

ELSA-2012-1098: glibc security and bug fix update (MODERATE)

6.8 Medium

CVSS2