Lucene search

K

[email protected]NVD:CVE-2012-3404

HistoryFeb 10, 2014 - 6:15 p.m.

CVE-2012-3404

2014-02-1018:15:10

CWE-189

[email protected]

web.nvd.nist.gov

1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.

Affected configurations

NVD

Node

gnuglibcMatch2.12

OR

redhatenterprise_virtualizationMatch3.0

OR

canonicalubuntu_linuxMatch8.04-lts

OR

canonicalubuntu_linuxMatch10.04-lts

OR

canonicalubuntu_linuxMatch11.04

OR

canonicalubuntu_linuxMatch11.10

OR

canonicalubuntu_linuxMatch12.04-lts

OR

redhatenterprise_linuxMatch6.0

References

rhn.redhat.com/errata/RHSA-2012-1098.html

rhn.redhat.com/errata/RHSA-2012-1200.html

www.openwall.com/lists/oss-security/2012/07/11/17

www.ubuntu.com/usn/USN-1589-1

bugzilla.redhat.com/show_bug.cgi?id=833703

security.gentoo.org/glsa/201503-04

sourceware.org/bugzilla/show_bug.cgi?id=12445

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

Related for NVD:CVE-2012-3404

cvelist3 ubuntucve3 cve3 debiancve3 prion3 nvd2 oraclelinux1 f52 nessus15 openvas16 redhat2 amazon1 veracode1 centos1 ubuntu2 osv1 securityvulns2 debian1 vmware2 gentoo1