CVE-2012-3480
Public on 2012-08-25
Modified on 2014-09-14
Description
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | glibc | 2012-09-04 | ALAS-2012-120 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 4.4 | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| NVD | CVSSv2 | 4.6 | AV:L/AC:L/Au:N/C:P/I:P/A:P |