CVE-2012-3480
Published: 25 August 2012
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
Notes
| Author | Note |
|---|---|
| jdstrand | stack-protector should prevent code execution |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
eglibc Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.11.1-0ubuntu7.11)
|
|
| natty |
Released
(2.13-0ubuntu13.2)
|
|
| oneiric |
Released
(2.13-20ubuntu5.2)
|
|
| precise |
Released
(2.15-0ubuntu10.2)
|
|
| upstream |
Needs triage
|
|
| This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. | ||
|
glibc Launchpad, Ubuntu, Debian |
hardy |
Released
(2.7-10ubuntu8.2)
|
| lucid |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| upstream |
Needs triage
|
|
| This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. | ||