CVE-2012-3406

10.02.2014, 18:15

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 77%

Vendor	Product	Version
gnu	glibc	2.5
gnu	glibc	2.12
redhat	enterprise_virtualization	3.0
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	11.04
canonical	ubuntu_linux	11.10
canonical	ubuntu_linux	12.04
redhat	enterprise_linux	6.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

glibc

bullseye	2.31-13+deb11u11 fixed
bullseye (security)	2.31-13+deb11u10 fixed
bookworm	2.36-9+deb12u8 fixed
bookworm (security)	2.36-9+deb12u7 fixed
sid	2.40-3 fixed
trixie	2.40-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

eglibc

precise	Fixed 2.15-0ubuntu10.2 released
oneiric	Fixed 2.13-20ubuntu5.2 released
natty	Fixed 2.13-0ubuntu13.2 released
lucid	Fixed 2.11.1-0ubuntu7.11 released
hardy	dne