CVE-2012-3480

GNU Glibc - Numeric Error

Title source: rule

Description

Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Joseph S. Myer · clocallinux

https://www.exploit-db.com/exploits/37631

View Code ZIP pw:eip

References (16)

[Patch] http://sourceware.org/bugzilla/show_bug.cgi?id=14459

[Patch] http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2012-1207.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2012-1208.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2012-1262.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2012-1325.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html

[Third Party Advisory, VDB Entry] http://osvdb.org/84710

[Vendor Advisory] http://secunia.com/advisories/50201

[Third Party Advisory] http://secunia.com/advisories/50422

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/54982

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027374

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1589-1

[Third Party Advisory] https://security.gentoo.org/glsa/201503-04

[Mailing List] http://www.openwall.com/lists/oss-security/2012/08/13/4

[Mailing List] http://www.openwall.com/lists/oss-security/2012/08/13/6

Scores

EPSS 0.0020

EPSS Percentile 42.3%

Details

CWE

CWE-189

Status published

Products (1)

gnu/glibc 2.16

Published Aug 25, 2012

Tracked Since Feb 18, 2026