Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2012-0864

Published: 02/05/2013 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Gnu

Vulnerability Summary

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent malicious users to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu glibc 2.14

Vendor Advisories

Ubuntu Security Notice: eglibc, glibc vulnerabilities
Multiple vulnerabilities were discovered and fixed in the GNU C Library ...
Red Hat: Moderate: glibc security and bug fix update
Synopsis Moderate: glibc security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated glibc packages that fix one security issue and three bugs are nowavailable for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A ...
Red Hat: Important: rhev-hypervisor6 security and bug fix update
Synopsis Important: rhev-hypervisor6 security and bug fix update Type/Severity Security Advisory: Important Topic An updated rhev-hypervisor6 package that fixes three security issues andone bug is now availableThe Red Hat Security Response Team has rated this update as havingimportant security impact Comm ...
Red Hat: Moderate: glibc security update
Synopsis Moderate: glibc security update Type/Severity Security Advisory: Moderate Topic Updated glibc packages that fix one security issue are now available forRed Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerability Scori ...
Amazon Linux AMI: ALAS-2012-057
An integer overflow flaw was found in the implementation of the printf functions family This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort (CVE-2012-0864) ...

Exploits

Exploit DB: sudo 1.8.3p1 Local Root
sudo versions 180 through 183p1 sudo_debug root exploit with glibc FORTIFY_SOURCE bypass ...

References

CWE-189http://www.phrack.org/issues.html?issue=67&id=9#articlehttp://rhn.redhat.com/errata/RHSA-2012-0531.htmlhttp://sourceware.org/ml/libc-alpha/2012-02/msg00023.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0488.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0397.htmlhttp://www.securityfocus.com/bid/52201https://bugzilla.redhat.com/show_bug.cgi?id=794766http://rhn.redhat.com/errata/RHSA-2012-0393.htmlhttp://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6ehttps://nvd.nist.govhttps://usn.ubuntu.com/1396-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook