CVE-2012-4412

Published: 09/10/2013 Updated: 13/06/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and previous versions allows context-dependent malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

Vulnerable Product

gnu glibc 2.12.2

gnu glibc 2.12.1

gnu glibc 2.1.2

gnu glibc 2.1.1.6

gnu glibc 2.0.2

gnu glibc 2.0.1

gnu glibc 2.15

gnu glibc 2.14.1

gnu glibc 2.11.1

gnu glibc 2.11

gnu glibc 2.10.1

gnu glibc 2.0.6

gnu glibc 2.0.5

gnu glibc

gnu glibc 2.16

gnu glibc 2.11.3

gnu glibc 2.11.2

gnu glibc 2.1.1

gnu glibc 2.1

gnu glibc 2.0

gnu glibc 2.14

gnu glibc 2.13

gnu glibc 2.1.9

gnu glibc 2.1.3

gnu glibc 2.0.4

gnu glibc 2.0.3

Vendor Advisories

Several security issues were fixed in the GNU C Library ...
Debian Bug report logs - #687530: eglibc: CVE-2012-4412: strcoll integer / buffer overflow. Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Thu, 13 Sep 2012 14:21:01 UTC; Severity: important; Tags: patch, security; Found in versions eglibc/2.11.3-4, eglibc/2.17-93; Fix ...
Debian Bug report logs - #689423: eglibc: CVE-2012-4424: stack overflow in strcoll(). Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Tue, 2 Oct 2012 13:12:01 UTC; Severity: important; Tags: patch, security; Found in versions eglibc/2.11.3-4, eglibc/2.17-93; Fixed in ...
Debian Bug report logs - #717178: CVE-2013-4788: PTR_MANGLE ineffective for statically linked binaries. Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Wed, 17 Jul 2013 14:24:01 UTC; Severity: important; Tags: security; Found in versions eglibc/2.11.3-4, eglibc/2.17-9 ...
Debian Bug report logs - #722536: eglibc: CVE-2013-4332. Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Thu, 12 Sep 2013 05:27:02 UTC; Severity: grave; Tags: patch, security; Fixed in versions eglibc/2.17-93, eglibc/2.13-38+deb7u1; Done: Aurelien Jarno <aurel32@de ...
Debian Bug report logs - #719558: eglibc: CVE-2013-4237. Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Tue, 13 Aug 2013 05:15:02 UTC; Severity: important; Tags: security; Found in versions eglibc/2.11.3-4, eglibc/2.17-93; Fixed in versions eglibc/2.17-94, eglibc/2.13 ...
Debian Bug report logs - #727181: eglibc: CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6. Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 23 Oct 2013 04:54:01 UTC; Severity: important; Tags: security, upstream; Fixed in vers ...

Exploits

source: www.securityfocus.com/bid/55462/info. GNU glibc is prone to a remote integer-overflow vulnerability which leads to buffer overflow vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of a user running an application that uses the affected library. Failed exploit attempts may crash the ap ...
The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector ...

Mailing Lists

Full Disclosure mailing list archives: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series ...