Back to search
CVE-2012-0864
Published: May 2, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2012:0531
vendor-advisory
x_refsource_REDHAT
52201
vdb-entry
x_refsource_BID
RHSA-2012:0393
vendor-advisory
x_refsource_REDHAT
RHSA-2012:0397
vendor-advisory
x_refsource_REDHAT
RHSA-2012:0488
vendor-advisory
x_refsource_REDHAT
[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=794766
x_refsource_CONFIRM
http://www.phrack.org/issues.html?issue=67&id=9#article
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now