6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.2%
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka
glibc) 2.5, 2.12, and probably other versions does not “properly restrict
the use of” the alloca function when allocating the SPECS array, which
allows context-dependent attackers to bypass the FORTIFY_SOURCE
format-string protection mechanism and cause a denial of service (crash) or
possibly execute arbitrary code via a crafted format string using
positional parameters and a large number of format specifiers, a different
vulnerability than CVE-2012-3404 and CVE-2012-3405.
Author | Note |
---|---|
sbeattie | bug23-3.c from redhat patch does seem to reproduce issue on all releases |
www.openwall.com/lists/oss-security/2012/07/11/17
www.openwall.com/lists/oss-security/2012/07/11/5
bugzilla.redhat.com/attachment.cgi?id=594722&action=diff
bugzilla.redhat.com/attachment.cgi?id=594727&action=diff
bugzilla.redhat.com/show_bug.cgi?id=826943
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406
launchpad.net/bugs/cve/CVE-2012-3406
nvd.nist.gov/vuln/detail/CVE-2012-3406
security-tracker.debian.org/tracker/CVE-2012-3406
ubuntu.com/security/notices/USN-1589-1