CVE - CVE-2012-3480

CVE-ID
CVE-2012-3480	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459) URL:http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html MLIST:[oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines URL:http://www.openwall.com/lists/oss-security/2012/08/13/4 MLIST:[oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines URL:http://www.openwall.com/lists/oss-security/2012/08/13/6 MISC:http://sourceware.org/bugzilla/show_bug.cgi?id=14459 FEDORA:FEDORA-2012-11927 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html GENTOO:GLSA-201503-04 URL:https://security.gentoo.org/glsa/201503-04 REDHAT:RHSA-2012:1207 URL:http://rhn.redhat.com/errata/RHSA-2012-1207.html REDHAT:RHSA-2012:1208 URL:http://rhn.redhat.com/errata/RHSA-2012-1208.html REDHAT:RHSA-2012:1262 URL:http://rhn.redhat.com/errata/RHSA-2012-1262.html REDHAT:RHSA-2012:1325 URL:http://rhn.redhat.com/errata/RHSA-2012-1325.html UBUNTU:USN-1589-1 URL:http://www.ubuntu.com/usn/USN-1589-1 BID:54982 URL:http://www.securityfocus.com/bid/54982 OSVDB:84710 URL:http://osvdb.org/84710 SECTRACK:1027374 URL:http://www.securitytracker.com/id?1027374 SECUNIA:50201 URL:http://secunia.com/advisories/50201 SECUNIA:50422 URL:http://secunia.com/advisories/50422
Assigning CNA
N/A
Date Entry Created
20120614	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120614)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org