CVE-2012-4424Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources
Severity
5.1MEDIUMNVD
EPSS
0.6%
top 30.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Glibc
Timeline
PublishedOct 9
Latest updateMay 17

Description

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

Debiangnu/glibc< 2.17-94+3
NVDgnu/glibc2.17+25

Patches

Patch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

3
GHSA
GHSA-xmcm-jqgw-pm47: Stack-based buffer overflow in string/strcoll_l2022-05-17
OSV
CVE-2012-4424: Stack-based buffer overflow in string/strcoll_l2013-10-09
CVEList
CVE-2012-4424: Stack-based buffer overflow in string/strcoll_l2013-10-09

📋Vendor Advisories

3
Ubuntu
GNU C Library vulnerabilities2013-10-21
Red Hat
glibc: alloca() stack overflow in the strcoll() interface2012-09-06
Debian
CVE-2012-4424: glibc - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glib...2012

💬Community

3
Bugzilla
CVE-2015-8982 glibc: multiple overflows in strxfrm()2015-02-13
Bugzilla
CVE-2012-4424 glibc: alloca() stack overflow in the strcoll() interface2012-09-18
Bugzilla
CVE-2012-4412 CVE-2012-4424 glibc: various flaws [fedora-all]2012-09-07
CVE-2012-4424 — GNU Glibc vulnerability | cvebase