CVE-2012-3405

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

Published : 2014-02-10 18:15 Updated : 2019-04-22 17:48

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Redhat Enterprise Linux 6.0 cpe:/o:redhat:enterprise_linux:6.0
Gnu Glibc 2.14 cpe:/a:gnu:glibc:2.14
Canonical Ubuntu Linux 11.04 cpe:/o:canonical:ubuntu_linux:11.04
Canonical Ubuntu Linux 8.04 cpe:/o:canonical:ubuntu_linux:8.04:-:lts
Canonical Ubuntu Linux 11.10 cpe:/o:canonical:ubuntu_linux:11.10
Canonical Ubuntu Linux 12.04 cpe:/o:canonical:ubuntu_linux:12.04:-:lts
Canonical Ubuntu Linux 10.04 cpe:/o:canonical:ubuntu_linux:10.04:-:lts
Redhat Enterprise Virtualization 3.0 cpe:/a:redhat:enterprise_virtualization:3.0
  1. Canonical (1) Search CVE
    1. Ubuntu Linux (5) Search CVE
      1. 11.04
      2. 8.04
      3. 11.10
      4. 12.04
      5. 10.04
  2. Gnu (1) Search CVE
    1. Glibc (1) Search CVE
      1. 2.14
  3. Redhat (2) Search CVE
    1. Enterprise Virtualization (1) Search CVE
      1. 3.0
    2. Enterprise Linux (1) Search CVE
      1. 6.0

CWE

ID Name Description Links
CWE-189 Numeric Errors Weaknesses in this category are related to improper calculation or conversion of numbers. CVE

History of changes

Date Event
2019-04-22 17:48
2017-07-01 05:29
2014-02-10 18:15

New CVE