Buffer Length Calculation Issue in GNU C Library Affects Glibc
CVE-2012-3404

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Enterprise Linux; Enterprise Virtualization; Glibc
Vendor: CVE Published:; 10 February 2014

Summary

A vulnerability exists in the GNU C Library that improperly calculates buffer lengths in the vfprintf function, which may permit context-dependent attackers to bypass FORTIFY_SOURCE protections. This flaw opens the door to denial of service attacks, manifested as stack corruption and application crashes when format strings utilize positional parameters and multiple format specifiers. Comprehensive remediation is crucial to mitigate potential exploitation.

References

http://rhn.redhat.com/errata/RHSA-2012-1200.html

vendor-advisoryx_refsource_REDHAT

https://sourceware.org/bugzilla/show_bug.cgi?id=12445

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=833703

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 10, 2014
Vulnerability Reserved
Jun 14, 2012