CVE-2012-3406

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

Published: Feb 10, 2014
Updated: Apr 13, 2023
CVE: CVE-2012-3406
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	8.04	8.04.x
redhat / enterprise_linux	6.0	6.0.x
canonical / ubuntu_linux	11.04	11.04.x
canonical / ubuntu_linux	11.10	11.10.x
redhat / enterprise_virtualization	3.0	3.0.x
redhat / enterprise_linux	5	5.x
canonical / ubuntu_linux	12.04	12.04.x
gnu / glibc	2.5	2.5.x
canonical / ubuntu_linux	10.04	10.04.x
gnu / glibc	2.12	2.12.x

Vulnerability Database

289,697

CVE-2012-3406