CVE-2012-0864Integer Overflow or Wraparound in Glibc

CWE-189CWE-190Integer Overflow or Wraparound7 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
3.0%
top 13.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Glibc
Timeline
PublishedMay 2
Latest updateMay 17

Description

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDgnu/glibc2.14

🔴Vulnerability Details

2
GHSA
GHSA-x2p4-f3vf-gwp3: Integer overflow in the vfprintf function in stdio-common/vfprintf2022-05-17
CVEList
CVE-2012-0864: Integer overflow in the vfprintf function in stdio-common/vfprintf2013-05-02

📋Vendor Advisories

2
Ubuntu
GNU C Library vulnerabilities2012-03-09
Red Hat
glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow2010-11-17

💬Community

2
Bugzilla
CVE-2012-0864 glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow2012-02-17
Bugzilla
CVE-2012-0864 glibc: F_S format string protection bypass via "nargs" integer overflow [fedora-all]2012-02-17
CVE-2012-0864 — Integer Overflow or Wraparound in Glibc | cvebase