CVE-2012-4424 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-4424 PUBLISHED CVSS 5.099999904632568 MEDIUM

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

EPSS 0.61% · 69.5th percentile

Risk Scores

CVSS v2.0

5.099999904632568

EPSS Score

0.61%

69.5th percentile

Affected Products

Vendor	Product	Versions
gnu	glibc	2.16, 0, 2.0
n/a	n/a	n/a

Timeline

Oct 9, 2013 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

USN-1991-1 vendor-advisory
MDVSA-2013:284 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=858238 url
http://sourceware.org/bugzilla/show_bug.cgi?id=14547 url
[oss-security] 20130913 CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) mailing-list
GLSA-201503-04 vendor-advisory
MDVSA-2013:283 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2012-4424 advisory

Open in Interactive Console →