CVE Vulnerabilities

CVE-2012-4412

Published: Oct 09, 2013 | Modified: Jun 13, 2019
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

Affected Software

Name   Vendor  Start Version  End Version
Glibc  Gnu     2.1.2          2.1.2
Glibc  Gnu     2.11           2.11
Glibc  Gnu     2.0.5          2.0.5
Glibc  Gnu     2.0.6          2.0.6
Glibc  Gnu     2.10.1         2.10.1
Glibc  Gnu     2.1.1          2.1.1
Glibc  Gnu     2.14           2.14
Glibc  Gnu     2.0.3          2.0.3
Glibc  Gnu     2.0            2.0
Glibc  Gnu     2.13           2.13
Glibc  Gnu     2.1.1.6        2.1.1.6
Glibc  Gnu     2.1            2.1
Glibc  Gnu     2.1.9          2.1.9
Glibc  Gnu     2.12.1         2.12.1
Glibc  Gnu     2.0.1          2.0.1
Glibc  Gnu     2.14.1         2.14.1
Glibc  Gnu     2.11.2         2.11.2
Glibc  Gnu     2.0.4          2.0.4
Glibc  Gnu     2.0.2          2.0.2
Glibc  Gnu     2.16           2.16
Glibc  Gnu     *              2.17
Glibc  Gnu     2.11.3         2.11.3
Glibc  Gnu     2.11.1         2.11.1
Glibc  Gnu     2.1.3          2.1.3
Glibc  Gnu     2.15           2.15
Glibc  Gnu     2.12.2         2.12.2

References