Lucene search

[email protected]CVE-2012-0864

HistoryMay 02, 2013 - 2:55 p.m.

CVE-2012-0864

2013-05-0214:55:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2012-0864

integer overflow

vfprintf function

glibc 2.14

security bypass

format string attacks

7.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

CPENameOperatorVersion
gnu:glibcgnu glibceq2.14

CPE	Name	Operator	Version
gnu:glibc	gnu glibc	eq	2.14

References

rhn.redhat.com/errata/RHSA-2012-0393.html

rhn.redhat.com/errata/RHSA-2012-0397.html

rhn.redhat.com/errata/RHSA-2012-0488.html

rhn.redhat.com/errata/RHSA-2012-0531.html

sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e

sourceware.org/ml/libc-alpha/2012-02/msg00023.html

www.phrack.org/issues.html?issue=67&id=9#article

www.securityfocus.com/bid/52201

bugzilla.redhat.com/show_bug.cgi?id=794766

7.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for CVE-2012-0864

openvas25 nessus22 redhat4 fedora4 centos2 oraclelinux2 veracode1 ubuntucve2 amazon1 prion1 zdt1 exploitpack1 seebug1 exploitdb1 securityvulns3 gentoo1 ubuntu1 vmware4