CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

73 matches found

Prion•added 2014/02/10 6:15 p.m.•29 views

Format string

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service segmentati...

5CVSS6.5AI score0.00666EPSS

Exploits1References7Affected Software4

Prion•added 2014/02/10 6:15 p.m.•26 views

Format string

The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...

6.8CVSS7.8AI score0.00869EPSS

Exploits1References9Affected Software4

Debian CVE•added 2014/02/10 5:0 p.m.•32 views

CVE-2012-3406

6.8CVSS7.4AI score0.00869EPSS

Exploits0

Debian CVE•added 2014/02/10 5:0 p.m.•39 views

CVE-2012-3405

5CVSS6.3AI score0.00666EPSS

Exploits0

Cvelist•added 2014/02/10 5:0 p.m.•32 views

CVE-2012-3406

7.9AI score0.00869EPSS

Exploits0References9

Debian CVE•added 2014/02/10 5:0 p.m.•31 views

CVE-2012-3404

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service stack...

5CVSS6.4AI score0.00604EPSS

Exploits1

Cvelist•added 2014/02/10 5:0 p.m.•30 views

CVE-2012-3405

7.3AI score0.00666EPSS

Exploits0References7

CVE•added 2014/02/10 5:0 p.m.•134 views

CVE-2012-3404

CVE-2012-3404 affects the GNU C Library (glibc) in the vfprintf path (stdio-common/vfprintf.c). The issue is a miscalculation of buffer length that can bypass Fortify_SOURCE format-string protections when using positional parameters with many specifiers, enabling context-dependent DoS via a craft...

5CVSS6.4AI score0.00604EPSS

Exploits1References7Affected Software4

Cvelist•added 2014/02/10 5:0 p.m.•31 views

CVE-2012-3404

6.3AI score0.00604EPSS

Exploits1References7

CVE•added 2014/02/10 5:0 p.m.•133 views

CVE-2012-3406

The CVE-2012-3406 issue concerns glibc’s vfprintf (stdio-common/vfprintf.c). It states that glibc 2.5, 2.12, and likely other versions fail to properly restrict the use of alloca when allocating the SPECS array, which can bypass FORTIFY_SOURCE format-string protection and lead to a denial of serv...

6.8CVSS7.8AI score0.00869EPSS

Exploits0References9Affected Software4

NVD•added 2013/05/02 2:55 p.m.•18 views

CVE-2012-0864

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFYSOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments...

6.8CVSS7.9AI score0.03036EPSS

Exploits5References9

Prion•added 2013/05/02 2:55 p.m.•23 views

Integer overflow

6.8CVSS7.2AI score0.03036EPSS

Exploits5References9Affected Software1

Cvelist•added 2013/05/02 2:0 p.m.•24 views

CVE-2012-0864

9.2AI score0.03036EPSS

Exploits5References9

CVE•added 2013/05/02 2:0 p.m.•115 views

CVE-2012-0864

Summary (CVE-2012-0864) The vulnerability is in the GNU C Library (glibc) via an integer/format string flaw in the vfprintf path (stdio-common/vfprintf.c) affecting glibc 2.14 and other versions. A context-dependent attacker could bypass Fortify_SOURCE, perform format-string attacks, and write to...

6.8CVSS8.4AI score0.03036EPSS

Exploits5References9Affected Software1

Tenable Nessus•added 2013/01/25 12:0 a.m.•30 views

SuSE 11.2 Security Update : glibc (SAT Patch Number 7110)

This collective update for the GNU C library glibc provides the following fixes : - Fix strtod integer/buffer overflows. bnc775690, CVE-2012-3480 - Fix vfprintf handling of many format specifiers. bnc770891, CVE-2012-3404 / CVE-2012-3405 / CVE-2012-3406 - Fix pthreadcondtimedwait stack unwinding...

6.8CVSS6.8AI score0.00869EPSS

Exploits1References14

Tenable Nessus•added 2012/11/19 12:0 a.m.•33 views

SuSE 10 Security Update : glibc (ZYPP Patch Number 8351)

This collective update to the GNU Lib C library glibc provides the following fixes : - Make addmntent return errors also for cached streams. bnc676178, CVE-2011-1089 - Fix overflows in vfprintf. bnc770891, CVE-2012-3406 - Fix incomplete results from nscd. bnc753756 - Fix a deadlock in dlsym in ca...

6.8CVSS7.4AI score0.00869EPSS

Exploits0References4

RedHat Linux•added 2012/08/23 2:17 p.m.•3 views

glibc: incorrect use of extend_alloca() in formatted printing can lead to FORTIFY_SOURCE format string protection bypass

5CVSS6AI score0.00666EPSS

Exploits1References4

RedHat Linux•added 2012/08/23 2:17 p.m.•0 views

glibc: printf() unbound alloca() usage in case of positional parameters + many format specs

6.8CVSS6.2AI score0.00869EPSS

Exploits1References4

Tenable Nessus•added 2012/08/16 12:0 a.m.•38 views

Fedora 17 : glibc-2.15-54.fc17 (2012-11508)

Avoid unbound alloca in vfprintf 841318 Revert patch for BZ696143, it made it impossible to use IPV6 addresses explicitly in getaddrinfo, which in turn broke ssh, apache and other code. 808147 Note that Tenable Network Security has extracted the preceding description block directly from the Fedor...

6.8CVSS6.8AI score0.00869EPSS

Exploits0References5

RedHat Linux•added 2012/07/18 3:18 p.m.•1 views

glibc: printf() unbound alloca() usage in case of positional parameters + many format specs

6.8CVSS6.2AI score0.00869EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by