CVE-2012-0864
glibc - Integer Overflow and Format String Attack via vfprintf
Title source: llmDescription
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
References (9)
Core 9
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0531.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0488.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52201
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0393.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0397.html
Patch x_refsource_misc
http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
Exploit mailing-list
x_refsource_mlist
http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=794766
Exploit x_refsource_misc
http://www.phrack.org/issues.html?issue=67&id=9#article
Scores
EPSS
0.0304
EPSS Percentile
86.8%
Details
CWE
CWE-189
Status
published
Products (1)
gnu/glibc
2.14
Published
May 02, 2013
Tracked Since
Feb 18, 2026