CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3404

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.9%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2012-3404

Gnu » Glibc » Version: 2.12

cpe:2.3:a:gnu:glibc:2.12
Redhat » Enterprise Virtualization » Version: 3.0

cpe:2.3:a:redhat:enterprise_virtualization:3.0
Canonical » Ubuntu Linux » Version: 10.04

cpe:2.3:o:canonical:ubuntu_linux:10.04
Canonical » Ubuntu Linux » Version: 11.04

cpe:2.3:o:canonical:ubuntu_linux:11.04
Canonical » Ubuntu Linux » Version: 11.10

cpe:2.3:o:canonical:ubuntu_linux:11.10
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 8.04

cpe:2.3:o:canonical:ubuntu_linux:8.04
Redhat » Enterprise Linux » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3404

Products

Pricing

Contact Us