CVE-2012-4424

Published: 09 October 2013

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

Priority

Low

Status

Package Release Status
eglibc
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=1326ba1af22068db9488c2328bdaf852b8a93dcf (backporting)
Upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=141f3a77fe4f1b59b0afa9bf6909cd2000448883
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.
glibc
Launchpad, Ubuntu, Debian
Upstream Needs triage

This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.