Vulnerability details: VCID-pqje-acer-aaaq
Vulnerability ID VCID-pqje-acer-aaaq
Aliases CVE-2012-3480
Summary Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2012:1207
rhas Moderate https://access.redhat.com/errata/RHSA-2012:1208
rhas Important https://access.redhat.com/errata/RHSA-2012:1325
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2012-3480
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2012-3480
epss 0.00203 https://api.first.org/data/v1/epss?cve=CVE-2012-3480
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2012-3480
epss 0.0071 https://api.first.org/data/v1/epss?cve=CVE-2012-3480
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=847715
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2012-3480
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html
http://osvdb.org/84710
http://rhn.redhat.com/errata/RHSA-2012-1207.html
http://rhn.redhat.com/errata/RHSA-2012-1208.html
http://rhn.redhat.com/errata/RHSA-2012-1262.html
http://rhn.redhat.com/errata/RHSA-2012-1325.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3480.json
https://api.first.org/data/v1/epss?cve=CVE-2012-3480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480
http://secunia.com/advisories/50201
http://secunia.com/advisories/50422
http://sourceware.org/bugzilla/show_bug.cgi?id=14459
http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html
https://security.gentoo.org/glsa/201503-04
http://www.openwall.com/lists/oss-security/2012/08/13/4
http://www.openwall.com/lists/oss-security/2012/08/13/6
http://www.securityfocus.com/bid/54982
http://www.securitytracker.com/id?1027374
http://www.ubuntu.com/usn/USN-1589-1
684889 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684889
847715 https://bugzilla.redhat.com/show_bug.cgi?id=847715
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
CVE-2012-3480 https://nvd.nist.gov/vuln/detail/CVE-2012-3480
CVE-2012-3480;OSVDB-84710 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/37631.c
CVE-2012-3480;OSVDB-84710 Exploit https://www.securityfocus.com/bid/54982/info
RHSA-2012:1207 https://access.redhat.com/errata/RHSA-2012:1207
RHSA-2012:1208 https://access.redhat.com/errata/RHSA-2012:1208
RHSA-2012:1325 https://access.redhat.com/errata/RHSA-2012:1325
USN-1589-1 https://usn.ubuntu.com/1589-1/
USN-1589-2 https://usn.ubuntu.com/1589-2/
Data source Exploit-DB
Date added Aug. 13, 2012
Description GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities
Ransomware campaign use Known
Source publication date Aug. 13, 2012
Exploit type local
Platform linux
Source update date July 18, 2015
Source URL https://www.securityfocus.com/bid/54982/info
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-3480
Exploit Prediction Scoring System (EPSS)
Percentile 0.14127
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.