Published: 09/10/2013 Updated: 01/07/2017

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 455

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and previous versions allows context-dependent malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc 2.15
gnu glibc 2.14.1
gnu glibc 2.14
gnu glibc 2.11
gnu glibc 2.10.1
gnu glibc 2.0.6
gnu glibc 2.0.5
gnu glibc 2.13
gnu glibc 2.12.2
gnu glibc 2.1.9
gnu glibc 2.1.3
gnu glibc 2.0.4
gnu glibc 2.0.3
gnu glibc 2.12.1
gnu glibc 2.11.3
gnu glibc 2.1.2
gnu glibc 2.1.1.6
gnu glibc 2.0.2
gnu glibc 2.0.1
gnu glibc
gnu glibc 2.16
gnu glibc 2.11.2
gnu glibc 2.11.1
gnu glibc 2.1.1
gnu glibc 2.1
gnu glibc 2.0

Several security issues were fixed in the GNU C Library ...

Debian Bug report logs - #687530 eglibc: CVE-2012-4412: strcoll integer / buffer overflow Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 13 Sep 2012 14:21:01 UTC Severity: important Tags: patch, security Found in versions eglibc/2113-4, eglibc/217-93 Fix ...

Debian Bug report logs - #689423 eglibc: CVE-2012-4424: stack overflow in strcoll() Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 2 Oct 2012 13:12:01 UTC Severity: important Tags: patch, security Found in versions eglibc/2113-4, eglibc/217-93 Fixed in ...

Debian Bug report logs - #717178 CVE-2013-4788: PTR_MANGLE ineffective for statically linked binaries Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Wed, 17 Jul 2013 14:24:01 UTC Severity: important Tags: security Found in versions eglibc/2113-4, eglibc/217-9 ...

Debian Bug report logs - #722536 eglibc: CVE-2013-4332 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 12 Sep 2013 05:27:02 UTC Severity: grave Tags: patch, security Fixed in versions eglibc/217-93, eglibc/213-38+deb7u1 Done: Aurelien Jarno <aurel32@de ...

Debian Bug report logs - #719558 eglibc: CVE-2013-4237 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 13 Aug 2013 05:15:02 UTC Severity: important Tags: security Found in versions eglibc/2113-4, eglibc/217-93 Fixed in versions eglibc/217-94, eglibc/213 ...

Debian Bug report logs - #727181 eglibc: CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 23 Oct 2013 04:54:01 UTC Severity: important Tags: security, upstream Fixed in vers ...

CWE-119 https://bugzilla.redhat.com/show_bug.cgi?id=858238 http://www.openwall.com/lists/oss-security/2012/09/13/16 http://sourceware.org/bugzilla/show_bug.cgi?id=14547 http://www.ubuntu.com/usn/USN-1991-1 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 https://security.gentoo.org/glsa/201503-04 https://nvd.nist.gov https://usn.ubuntu.com/1991-1/

CVE-2012-4424

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect