CVE-2012-3405
published 2014-02-10CVE-2012-3405: The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length…
medium5CVSS 3.1
AVNACLAuNCNINAP
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | glibc | < glibc 2.19-14 (bookworm) | glibc 2.19-14 (bookworm) |
| debian | glibc | < glibc 2.13-35 (bookworm) | glibc 2.13-35 (bookworm) |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | >= 0 < 2.13-35 | 2.13-35 |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| gnu | glibc | >= 0 < 2.13-35 | 2.13-35 |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| gnu | glibc | >= 0 < 2.13-35 | 2.13-35 |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| gnu | glibc | >= 0 < 2.13-35 | 2.13-35 |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_virtualization | — | — |
| vmware | vcenter_server | — | — |
| vmware | vmware_esxi | — | — |
| vmware | vsphere | — | — |
CVSS provenance
nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv5.0MEDIUM