Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4412Integer Overflow or Wraparound in Glibc

CWE-189CWE-190Integer Overflow or Wraparound11 documents9 sources
Severity
7.5HIGHNVD
EPSS
18.7%
top 4.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Glibc
Timeline
PublishedOct 9
Latest updateMay 14

Description

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debiangnu/glibc< 2.17-94+3
NVDgnu/glibc2.17+25

Patches

Patch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

3
GHSA
GHSA-cq77-m6w7-c2xc: Integer overflow in string/strcoll_l2022-05-14
CVEList
CVE-2012-4412: Integer overflow in string/strcoll_l2013-10-09
OSV
CVE-2012-4412: Integer overflow in string/strcoll_l2013-10-09

💥Exploits & PoCs

1
Exploit-DB
GNU glibc - 'strcoll()' Routine Integer Overflow2012-09-07

📋Vendor Advisories

3
Ubuntu
GNU C Library vulnerabilities2013-10-21
Red Hat
glibc: strcoll() integer overflow leading to buffer overflow2012-09-05
Debian
CVE-2012-4412: glibc - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6)...2012

💬Community

3
Bugzilla
CVE-2015-8982 glibc: multiple overflows in strxfrm()2015-02-13
Bugzilla
CVE-2012-4412 CVE-2012-4424 glibc: various flaws [fedora-all]2012-09-07
Bugzilla
CVE-2012-4412 glibc: strcoll() integer overflow leading to buffer overflow2012-09-07
CVE-2012-4412 — Integer Overflow or Wraparound in Glibc | cvebase