CVE-2012-3404

Published: 2/10/2014 Last updated: 8/6/2024 Reserved: 6/14/2012

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

gettext-stub

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 66.0.3359.117

References (14)

http://rhn.redhat.com/errata/RHSA-2012-1200.html
https://sourceware.org/bugzilla/show_bug.cgi?id=12445
https://bugzilla.redhat.com/show_bug.cgi?id=833703
https://security.gentoo.org/glsa/201503-04
http://rhn.redhat.com/errata/RHSA-2012-1098.html
http://www.ubuntu.com/usn/USN-1589-1
http://www.openwall.com/lists/oss-security/2012/07/11/17
http://rhn.redhat.com/errata/RHSA-2012-1200.html
https://sourceware.org/bugzilla/show_bug.cgi?id=12445
https://bugzilla.redhat.com/show_bug.cgi?id=833703
https://security.gentoo.org/glsa/201503-04
http://rhn.redhat.com/errata/RHSA-2012-1098.html
http://www.ubuntu.com/usn/USN-1589-1
http://www.openwall.com/lists/oss-security/2012/07/11/17