Lucene search

K
cve[email protected]CVE-2012-0864
HistoryMay 02, 2013 - 2:55 p.m.

CVE-2012-0864

2013-05-0214:55:05
CWE-189
web.nvd.nist.gov
49
cve-2012-0864
integer overflow
vfprintf function
glibc 2.14
security bypass
format string attacks

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

High

EPSS

0.013

Percentile

85.9%

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

Affected configurations

NVD
Node
gnuglibcMatch2.14
CPENameOperatorVersion
gnu:glibcgnu glibceq2.14

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

High

EPSS

0.013

Percentile

85.9%