CVE-2012-4412

GNU Glibc < 2.17 - Numeric Error

Title source: rule

Description

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Jan iankko Lieskovsky · c · dos · linux
https://www.exploit-db.com/exploits/37783

github · WORKING POC
by gitcollect · c · poc
https://github.com/gitcollect/CVE_Exploits/tree/master/cve-2012-4412

Scores

EPSS 0.1870
EPSS Percentile 95.3%

Details

CWE CWE-189
Status published
Products (26)
gnu/glibc 2.0
gnu/glibc 2.0.1
gnu/glibc 2.0.2
gnu/glibc 2.0.3
gnu/glibc 2.0.4
gnu/glibc 2.0.5
gnu/glibc 2.0.6
gnu/glibc 2.1
gnu/glibc 2.1.1
gnu/glibc 2.1.1.6
... and 16 more
Published Oct 09, 2013
Tracked Since Feb 18, 2026