Published: 10/02/2014 Updated: 22/04/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent malicious users to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc 2.14
canonical ubuntu linux 8.04
canonical ubuntu linux 10.04
canonical ubuntu linux 11.04
canonical ubuntu linux 11.10
canonical ubuntu linux 12.04
redhat enterprise linux 6.0
redhat enterprise virtualization 3.0

Synopsis Moderate: rhev-hypervisor6 security and bug fix update Type/Severity Security Advisory: Moderate Topic An updated rhev-hypervisor6 package that fixes multiple security issues andvarious bugs is now availableThe Red Hat Security Response Team has rated this update as having moderatesecurity impact ...

Synopsis Moderate: glibc security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated glibc packages that fix three security issues and one bug are nowavailable for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact C ...

Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library: CVE-2012-3406 The vfprintf function in stdio-common/vfprintfc in GNU C Library (aka glibc) 25, 212, and probably other versions does not properly restrict the use of the alloca function when allocating the SPECS array, which allows context- ...

Debian Bug report logs - #681473 CVE-2012-3404 CVE-2012-3405 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Fri, 13 Jul 2012 13:42:15 UTC Severity: important Tags: security Fixed in version eglibc/213-35 Done: Aurelien Jarno <aurel32@debianorg&g ...

Debian Bug report logs - #681888 CVE-2012-3406: glibc formatted printing vulnerabilities Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Fri, 13 Jul 2012 13:42:15 UTC Severity: important Tags: secur ...

USN-1589-1 exposed a regression in the GNU C Library floating point parser ...

Multiple security issues were fixed in the GNU C Library ...

Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort ...

CWE-189 http://www.ubuntu.com/usn/USN-1589-1 http://www.openwall.com/lists/oss-security/2012/07/11/17 https://bugzilla.redhat.com/show_bug.cgi?id=833704 https://sourceware.org/bugzilla/show_bug.cgi?id=13446 http://rhn.redhat.com/errata/RHSA-2012-1098.html http://rhn.redhat.com/errata/RHSA-2012-1200.html https://security.gentoo.org/glsa/201503-04 https://access.redhat.com/errata/RHSA-2012:1200 https://www.debian.org/security/./dsa-3169 https://nvd.nist.gov https://usn.ubuntu.com/1589-2/

CVE-2012-3405

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect