Lucene search

K

[email protected]NVD:CVE-2012-0864

HistoryMay 02, 2013 - 2:55 p.m.

CVE-2012-0864

2013-05-0214:55:05

CWE-189

[email protected]

web.nvd.nist.gov

1

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

Affected configurations

NVD

Node

gnuglibcMatch2.14

References

rhn.redhat.com/errata/RHSA-2012-0393.html

rhn.redhat.com/errata/RHSA-2012-0397.html

rhn.redhat.com/errata/RHSA-2012-0488.html

rhn.redhat.com/errata/RHSA-2012-0531.html

sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e

sourceware.org/ml/libc-alpha/2012-02/msg00023.html

www.phrack.org/issues.html?issue=67&id=9#article

www.securityfocus.com/bid/52201

bugzilla.redhat.com/show_bug.cgi?id=794766

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

Related for NVD:CVE-2012-0864

openvas25 nessus23 centos2 fedora4 redhat4 cvelist1 prion1 oraclelinux2 cve1 amazon1 veracode1 ubuntucve2 seebug1 zdt1 exploitpack1 exploitdb1 securityvulns3 gentoo1 ubuntu1 vmware4