CVE-2012-3405

Priority
Description
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library
(aka glibc) 2.14 and other versions does not properly calculate a buffer
length, which allows context-dependent attackers to bypass the
FORTIFY_SOURCE format-string protection mechanism and cause a denial of
service (segmentation fault and crash) via a format string with a large
number of format specifiers that triggers "desynchronization within the
buffer size handling," a different vulnerability than CVE-2012-3404.
Notes
 sbeattie> lucid -> oneiric only
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected
Patches:
Upstream: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
Package
Source: glibc (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
More Information

Updated: 2018-10-31 21:06:10 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)