CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3405

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.4%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2012-3405

Gnu » Glibc » Version: 2.14

cpe:2.3:a:gnu:glibc:2.14
Redhat » Enterprise Virtualization » Version: 3.0

cpe:2.3:a:redhat:enterprise_virtualization:3.0
Canonical » Ubuntu Linux » Version: 10.04

cpe:2.3:o:canonical:ubuntu_linux:10.04
Canonical » Ubuntu Linux » Version: 11.04

cpe:2.3:o:canonical:ubuntu_linux:11.04
Canonical » Ubuntu Linux » Version: 11.10

cpe:2.3:o:canonical:ubuntu_linux:11.10
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 8.04

cpe:2.3:o:canonical:ubuntu_linux:8.04
Redhat » Enterprise Linux » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3405

Products

Pricing

Contact Us