CVE-2012-4412

glibc < 2.17 - Heap-Based Buffer Overflow via Long String in strcoll_l

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4412. PoCs published by Jan iankko Lieskovsky, gitcollect.

AI-analyzed exploit summary This exploit demonstrates an integer overflow in GNU glibc's strcoll function when processing large strings in certain locales, leading to a buffer overflow. The PoC allocates a large buffer and triggers the overflow via strcoll, potentially allowing arbitrary code execution.

Description

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Jan iankko Lieskovsky · cdoslinux
https://www.exploit-db.com/exploits/37783

This exploit demonstrates an integer overflow in GNU glibc's strcoll function when processing large strings in certain locales, leading to a buffer overflow. The PoC allocates a large buffer and triggers the overflow via strcoll, potentially allowing arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: GNU glibc (versions affected by CVE-2012-4412)
No auth needed
Prerequisites: Target system must use a vulnerable version of glibc · Locale 'en_GB.UTF-8' must be available
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC
by gitcollect · cpoc
https://github.com/gitcollect/CVE_Exploits/tree/master/cve-2012-4412

This PoC demonstrates a heap-based buffer overflow in the strcoll function when processing large strings with specific locale settings (en_GB.UTF-8). The exploit allocates a large buffer (429496730 bytes) and fills it with 'x' characters, triggering the vulnerability.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: GNU C Library (glibc) versions affected by CVE-2012-4412
No auth needed
Prerequisites: System with vulnerable glibc version · Locale en_GB.UTF-8 must be available
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55113
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=855385
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1991-1
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
Exploit, Patch x_refsource_confirm
http://sourceware.org/bugzilla/show_bug.cgi?id=14547
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/09/07/9
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201503-04
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Jun/18
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jun/14

Scores

EPSS 0.1666
EPSS Percentile 96.6%

Details

CWE
CWE-189
Status published
Products (26)
gnu/glibc 2.0
gnu/glibc 2.0.1
gnu/glibc 2.0.2
gnu/glibc 2.0.3
gnu/glibc 2.0.4
gnu/glibc 2.0.5
gnu/glibc 2.0.6
gnu/glibc 2.1
gnu/glibc 2.1.1
gnu/glibc 2.1.1.6
... and 16 more
Published Oct 09, 2013
Tracked Since Feb 18, 2026