7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
89.7%
The strxfrm() function is vulnerable to integer overflows when computing
memory allocation sizes (similar to CVE-2012-4412). Furthermore since
it fallbacks to use alloca() when malloc() fails, it is vulnerable to
stack-based buffer overflows (similar to CVE-2012-4424).
Those issues have been fixed in Debian 6 Squeeze with eglibc
2.11.3-4+deb6u8. We recommend that you upgrade libc6 and other
packages provided by eglibc.