Published: 25/08/2012 Updated: 13/02/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc 2.16

Debian Bug report logs - #684889 eglibc: CVE-2012-3480 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 14 Aug 2012 12:51:04 UTC Severity: grave Tags: patch, security Found in version 2113-4 Fixed in version eglibc/213-36 Done: Aurelien Jarno <aurel32@ ...

Synopsis Moderate: glibc security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated glibc packages that fix multiple security issues and one bug arenow available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact ...

Synopsis Moderate: glibc security update Type/Severity Security Advisory: Moderate Topic Updated glibc packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerability ...

Synopsis Important: rhev-hypervisor6 security and bug fix update Type/Severity Security Advisory: Important Topic An updated rhev-hypervisor6 package that fixes multiple security issues andone bug is now availableThe Red Hat Security Response Team has rated this update as havingimportant security impact C ...

USN-1589-1 exposed a regression in the GNU C Library floating point parser ...

Multiple security issues were fixed in the GNU C Library ...

Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()) If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code (CVE- ...

source: wwwsecurityfocuscom/bid/54982/info GNU glibc is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data Local attackers can exploit these issues to run arbitrary code with privileges of the affected application Failed exploit attempts can result in ...

CWE-189 http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html http://secunia.com/advisories/50201 http://www.securityfocus.com/bid/54982 http://www.openwall.com/lists/oss-security/2012/08/13/4 http://sourceware.org/bugzilla/show_bug.cgi?id=14459 http://osvdb.org/84710 http://www.openwall.com/lists/oss-security/2012/08/13/6 http://rhn.redhat.com/errata/RHSA-2012-1208.html http://rhn.redhat.com/errata/RHSA-2012-1207.html http://rhn.redhat.com/errata/RHSA-2012-1325.html http://rhn.redhat.com/errata/RHSA-2012-1262.html http://secunia.com/advisories/50422 http://www.securitytracker.com/id?1027374 http://www.ubuntu.com/usn/USN-1589-1 https://security.gentoo.org/glsa/201503-04 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684889 https://nvd.nist.gov https://usn.ubuntu.com/1589-2/https://www.exploit-db.com/exploits/37631/https://access.redhat.com/errata/RHSA-2012:1207

CVE-2012-3480

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect