CVE-2012-0864

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-0864
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://rhn.redhat.com/errata/RHSA-2012-0393.html
http://rhn.redhat.com/errata/RHSA-2012-0397.html
http://rhn.redhat.com/errata/RHSA-2012-0488.html
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html Exploit
http://www.phrack.org/issues.html?issue=67&id=9#article Exploit
http://www.securityfocus.com/bid/52201 Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=794766
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
History

13 Feb 2023, 03:28

Type Values Removed Values Added
Summary CVE-2012-0864 glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2012:0531', 'name': 'https://access.redhat.com/errata/RHSA-2012:0531', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2012:0488', 'name': 'https://access.redhat.com/errata/RHSA-2012:0488', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2012:0397', 'name': 'https://access.redhat.com/errata/RHSA-2012:0397', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2012-0864', 'name': 'https://access.redhat.com/security/cve/CVE-2012-0864', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2012:0393', 'name': 'https://access.redhat.com/errata/RHSA-2012:0393', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 15:15

Type Values Removed Values Added
Summary Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. CVE-2012-0864 glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow
References
  • {'url': 'http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e', 'name': 'http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e', 'tags': ['Exploit', 'Patch'], 'refsource': 'MISC'}
  • (MISC) https://access.redhat.com/errata/RHSA-2012:0531 -
  • (MISC) https://access.redhat.com/errata/RHSA-2012:0488 -
  • (MISC) https://access.redhat.com/errata/RHSA-2012:0397 -
  • (MISC) http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e -
  • (MISC) https://access.redhat.com/security/cve/CVE-2012-0864 -
  • (MISC) https://access.redhat.com/errata/RHSA-2012:0393 -
Information

Published : 2013-05-02 14:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-0864

Mitre link : CVE-2012-0864

CVE.ORG link : CVE-2012-0864

JSON object : View

Products Affected

gnu

  • glibc
CWE
CWE-189

Numeric Errors