CVE-2012-4424

Priority
Description
Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka
glibc or libc6) 2.17 and earlier allows context-dependent attackers to
cause a denial of service (crash) or possibly execute arbitrary code via a
long string that triggers a malloc failure and use of the alloca function.
Assigned-to
mdeslaur
Notes
jdstrand: introduced in http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5358d026c74
Package
Upstream: needs-triage
Patches:
Upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=1326ba1af22068db9488c2328bdaf852b8a93dcf (backporting)
Upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=141f3a77fe4f1b59b0afa9bf6909cd2000448883
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#stack-protector
Package
Source: glibc (LP Ubuntu Debian)
Upstream: needs-triage

Updated: 2019-12-05 21:00:05 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)