CVE-2012-3406

2014-02-1018:15:10

CWE-264

redhat

web.nvd.nist.gov

cve-2012-3406

glibc

vfprintf

format string

denial of service

arbitrary code execution

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.016

Percentile

87.2%

JSON

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not “properly restrict the use of” the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

Affected configurations

Nvd

Node

gnuglibcMatch2.5

gnuglibcMatch2.12

redhatenterprise_virtualizationMatch3.0

canonicalubuntu_linuxMatch8.04-lts

canonicalubuntu_linuxMatch10.04-lts

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-lts

redhatenterprise_linuxMatch5

redhatenterprise_linuxMatch6.0

VendorProductVersionCPE
gnuglibc2.5cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
gnuglibc2.12cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*
redhatenterprise_virtualization3.0cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
canonicalubuntu_linux11.04cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
canonicalubuntu_linux11.10cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
redhatenterprise_linux5cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	glibc	2.5	cpe:2.3:a:gnu:glibc:2.5:::::::*
gnu	glibc	2.12	cpe:2.3:a:gnu:glibc:2.12:::::::*
redhat	enterprise_virtualization	3.0	cpe:2.3:a:redhat:enterprise_virtualization:3.0:::::::*
canonical	ubuntu_linux	8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:::::*
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:::::*
canonical	ubuntu_linux	11.04	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
canonical	ubuntu_linux	11.10	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
redhat	enterprise_linux	5	cpe:2.3:o:redhat:enterprise_linux:5:::::::*
redhat	enterprise_linux	6.0	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*