Vulnerability Name: CVE-2012-3480 (CCN-77692)
Assigned: 2012-08-12
Published: 2012-08-12
Updated: 2023-02-13
Summary: Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
  3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-121
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2012-3480
  Source: CCN Type: RHSA-2012-1207 Moderate: glibc security and bug fix update
  Source: CCN Type: RHSA-2012-1208 Moderate: glibc security update
  Source: CCN Type: RHSA-2012-1262 Important: rhev-hypervisor5 security and bug fix update
  Source: CCN Type: RHSA-2012-1325 Important: rhev-hypervisor6 security and bug fix update
  Source: CCN Type: SA50201 GNU C Library stdlib Functions Integer Overflow Weaknesses
  Source: CCN Type: SA51555 VMware ESXi glibc Multiple Vulnerabilities
  Source: CCN Type: SA51556 Avaya Aura System Manager GNU C Library stdlib Functions Integer Overflow Weaknesses
  Source: CCN Type: SA51920 Avaya Aura Session Manager Multiple Vulnerabilities
  Source: CCN Type: Sources Bugzilla Bug 14459 strtod integer and buffer overflows
  Source: CCN Type: GNU C Library Web page GNU C Library
  Source: CCN Type: OSVDB ID: 84710 GNU C Library (glibc) Multiple Function Input String Parsing Multiple Remote Overflow
  Source: CCN Type: BID-54982 GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
  Source: CCN Type: VMSA-2012-0018 VMware security updates for vCSA and ESXi
  Source: CCN Type: ASA-2012-386 glibc security and bug fix update (RHSA-2012-1207)
  Source: XF Type: UNKNOWN gnuclibrary-multiple-functions-bo(77692)
  Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com
Vulnerable Configuration: Configuration RedHat 1: Configuration CCN 1: