Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArch LinuxASA-201412-21
HistoryDec 18, 2014 - 12:00 a.m.

glibc: arbitrary code execution

2014-12-1800:00:00
Arch Linux
lists.archlinux.org
17

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.107 Low

EPSS

Percentile

94.5%

JSON

  • CVE-2012-3406 (arbitrary code execution)
    The vfprintf function in stdio-common/vfprintf.c in GNU C Library does
    not "properly restrict the use of" the alloca function when allocating
    the SPECS array, which allows context-dependent attackers to bypass the
    FORTIFY_SOURCE format-string protection mechanism and cause a denial of
    service (crash) or possibly execute arbitrary code via a crafted format
    string using positional parameters and a large number of format specifiers.

  • CVE-2014-9402 (denial of service)
    The nss_dns getnetbyname function will enter an infinite loop if the DNS
    backend is activated in the system Name Service Switch configuration and
    the DNS resolver receives a positive answer while processing the network
    name.

OSVersionArchitecturePackageVersionFilename
anyanyanylib32-glibc< 2.20-5UNKNOWN
anyanyanyglibc< 2.20-5UNKNOWN

Related

openvas 40
mageia 1
nessus 49
f5 4
debiancve 2
centos 3
oraclelinux 4
redhat 5
ubuntucve 2
cve 2
debian 3
prion 2
securityvulns 3
fedora 2
osv 2
amazon 2
veracode 1
ibm 10
ubuntu 3
vmware 2
gentoo 2
packetstorm 2
oracle 1
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0013)
2022-01-28 00:00:00
CentOS Update for glibc CESA-2012:1097 centos5
2012-07-30 00:00:00
RedHat Update for glibc RHSA-2012:1097-01
2012-07-19 00:00:00
mageia
mageia
Updated glibc packages fix security vulnerabilities
2015-01-08 15:24:22
nessus
nessus
EulerOS Virtualization 2.5.1 : glibc (EulerOS-SA-2018-1272)
2018-09-18 00:00:00
CentOS 5 : glibc (CESA-2012:1097)
2012-07-19 00:00:00
Oracle Linux 5 : glibc (ELSA-2012-1097)
2013-07-12 00:00:00
f5
f5
K16365 : glibc vulnerability CVE-2014-9402
2015-07-23 00:00:00
SOL16365 - GNU C Library (glibc) vulnerability CVE-2014-9402
2015-04-03 00:00:00
SOL16364 - GNU C Library (glibc) vulnerability CVE-2012-3406
2015-04-03 00:00:00
debiancve
debiancve
CVE-2014-9402
2015-02-24 15:59:00
CVE-2012-3406
2014-02-10 18:15:00
centos
centos
glibc, nscd security update
2012-07-18 17:40:39
glibc, nscd security update
2012-07-18 18:17:20
glibc, nscd security update
2018-04-26 17:41:43
oraclelinux
oraclelinux
glibc security and bug fix update
2012-07-18 00:00:00
glibc security and bug fix update
2012-07-18 00:00:00
glibc security update
2018-04-18 00:00:00
redhat
redhat
(RHSA-2012:1097) Moderate: glibc security and bug fix update
2012-07-18 00:00:00
(RHSA-2012:1098) Moderate: glibc security and bug fix update
2012-07-18 00:00:00
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update
2018-04-10 05:01:26
ubuntucve
ubuntucve
CVE-2014-9402
2015-02-24 00:00:00
CVE-2012-3406
2012-07-13 00:00:00
cve
cve
CVE-2014-9402
2015-02-24 15:59:00
CVE-2012-3406
2014-02-10 18:15:00
debian
debian
[SECURITY] [DLA 122-1] eglibc security update
2014-12-22 23:19:26
[SECURITY] [DSA 3169-1] eglibc security update
2015-02-23 06:08:58
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:39:53
prion
prion
Design/Logic Flaw
2015-02-24 15:59:00
Format string
2014-02-10 18:15:00
securityvulns
securityvulns
GNU glibc multiple security vulnerabilities
2015-03-07 00:00:00
[SECURITY] [DSA 3169-1] eglibc security update
2015-03-07 00:00:00
VMSA-2012-0018 VMware security updates for vCSA and ESXi
2013-01-02 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: glibc-2.15-54.fc17
2012-08-15 22:54:00
[SECURITY] Fedora 21 Update: glibc-2.20-8.fc21
2015-03-04 10:27:01
osv
osv
eglibc - security update
2015-02-23 00:00:00
eglibc - security update
2015-03-06 00:00:00
amazon
amazon
Medium: glibc
2012-07-25 17:56:00
Important: glibc
2018-05-10 17:45:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:54:39
ibm
ibm
Security Bulletin: Vulnerabilities in GNU C Library Affect Power Hardware Management Console (CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472)
2021-09-23 01:31:39
Security Bulletin: Vulnerabilities in glibc affect IBM Integrated Management Module II (IMM2) for System x, BladeCenter and Flex Systems (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, CVE-2014-9402)
2023-04-18 18:22:18
Security Bulletin: IBM BladeCenter Advanced Management Module is affected by glibc vulnerabilities (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, and CVE-2014-9402)
2019-01-31 01:55:01
ubuntu
ubuntu
GNU C Library vulnerabilities
2012-10-02 00:00:00
GNU C Library regression
2012-12-17 00:00:00
GNU C Library vulnerabilities
2015-02-26 00:00:00
vmware
vmware
VMware security updates for vCSA, vCenter Server, and ESXi
2012-12-20 00:00:00
VMware security updates for vCSA, vCenter Server, and ESXi
2012-12-20 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
packetstorm
packetstorm
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
2019-09-04 00:00:00
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
2019-06-13 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.107 Low

EPSS

Percentile

94.5%

JSON
Related for ASA-201412-21
openvas40mageia1nessus49f54debiancve2centos3oraclelinux4redhat5ubuntucve2cve2debian3prion2securityvulns3fedora2osv2amazon2veracode1ibm10ubuntu3vmware2gentoo2packetstorm2oracle1