Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2012-3480 — Integer Overflow or Wraparound in Glibc
CWE-189; CWE-190 — Integer Overflow or Wraparound; CWE-121 — Stack-based Buffer Overflow
Severity: 4.6 MEDIUM (NVD)
EPSS: 0.2% (top 57.59%)
CISA KEV: Not in KEV
Timeline: Published Aug 25; latest update May 17
Description
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
CVSS vector: AV:L/AC:L/C:P/I:P/A:P (Exploitability: 3.9 | Impact: 6.4)
Vulnerability Details (3 sources)
GHSA, 2022-05-17: GHSA-mch7-w8fj-4pc4: Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Libr
CVEList, 2012-08-25: CVE-2012-3480: Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Libr
OSV, 2012-08-25: CVE-2012-3480: Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Libr
Exploits & PoCs (1 source)
Vendor Advisories (4 sources)
Community (1 source)
Bugzilla, 2012-08-13: CVE-2012-3480 glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines