Vulnerability details: VCID-zmwd-c2np-aaar
Vulnerability ID VCID-zmwd-c2np-aaar
Aliases CVE-2012-3406
Summary The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2012:1097
rhas Moderate https://access.redhat.com/errata/RHSA-2012:1098
rhas Moderate https://access.redhat.com/errata/RHSA-2012:1200
epss 0.00324 https://api.first.org/data/v1/epss?cve=CVE-2012-3406
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2012-3406
epss 0.02781 https://api.first.org/data/v1/epss?cve=CVE-2012-3406
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7424
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1473
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2012-3406
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2012-1097.html
http://rhn.redhat.com/errata/RHSA-2012-1098.html
http://rhn.redhat.com/errata/RHSA-2012-1185.html
http://rhn.redhat.com/errata/RHSA-2012-1200.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3406.json
https://api.first.org/data/v1/epss?cve=CVE-2012-3406
https://bugzilla.redhat.com/attachment.cgi?id=594722
https://bugzilla.redhat.com/show_bug.cgi?id=826943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1473
https://security.gentoo.org/glsa/201503-04
http://www.openwall.com/lists/oss-security/2012/07/11/17
http://www.ubuntu.com/usn/USN-1589-1
681888 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681888
cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
CVE-2012-3406 https://nvd.nist.gov/vuln/detail/CVE-2012-3406
RHSA-2012:1097 https://access.redhat.com/errata/RHSA-2012:1097
RHSA-2012:1098 https://access.redhat.com/errata/RHSA-2012:1098
RHSA-2012:1200 https://access.redhat.com/errata/RHSA-2012:1200
USN-1589-1 https://usn.ubuntu.com/1589-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-3406
Exploit Prediction Scoring System (EPSS)
Percentile 0.71212
EPSS Score 0.00324
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.