CVE-2012-3480

2012-08-2500:00:00

ubuntu.com

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.0%

JSON

Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4)
strtod_l, and other unspecified “related functions” in stdlib in GNU C
Library (aka glibc or libc6) 2.16 allow local users to cause a denial of
service (application crash) and possibly execute arbitrary code via a long
string, which triggers a stack-based buffer overflow.

Bugs

Notes

Author	Note
jdstrand	stack-protector should prevent code execution

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarcheglibc< 2.11.1-0ubuntu7.11UNKNOWN
ubuntu11.04noarcheglibc< 2.13-0ubuntu13.2UNKNOWN
ubuntu11.10noarcheglibc< 2.13-20ubuntu5.2UNKNOWN
ubuntu12.04noarcheglibc< 2.15-0ubuntu10.2UNKNOWN
ubuntu8.04noarchglibc< 2.7-10ubuntu8.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	eglibc	< 2.11.1-0ubuntu7.11	UNKNOWN
ubuntu	11.04	noarch	eglibc	< 2.13-0ubuntu13.2	UNKNOWN
ubuntu	11.10	noarch	eglibc	< 2.13-20ubuntu5.2	UNKNOWN
ubuntu	12.04	noarch	eglibc	< 2.15-0ubuntu10.2	UNKNOWN
ubuntu	8.04	noarch	glibc	< 2.7-10ubuntu8.2	UNKNOWN