CVE-2012-3480
Published: 25 August 2012
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
Notes
Author | Note |
---|---|
jdstrand | stack-protector should prevent code execution |
Priority
Status
Package | Release | Status |
---|---|---|
eglibc | hardy | Does not exist |
eglibc | lucid | Released (2.11.1-0ubuntu7.11) |
eglibc | natty | Released (2.13-0ubuntu13.2) |
eglibc | oneiric | Released (2.13-20ubuntu5.2) |
eglibc | precise | Released (2.15-0ubuntu10.2) |
eglibc | upstream | Needs triage |
glibc | hardy | Released (2.7-10ubuntu8.2) |
glibc | lucid | Does not exist |
glibc | natty | Does not exist |
glibc | oneiric | Does not exist |
glibc | precise | Does not exist |
glibc | upstream | Needs triage |

This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.