What is the severity of CVE-2012-0864?

CVE-2012-0864 is classified as a high severity vulnerability due to the potential for remote code execution.

How do I fix CVE-2012-0864?

To fix CVE-2012-0864, upgrade to a patched version of GNU C Library (glibc) above version 2.14.

Who is affected by CVE-2012-0864?

CVE-2012-0864 affects applications using GNU C Library (glibc) version 2.14, particularly those relying on FORTIFY_SOURCE for format string protection.

Can CVE-2012-0864 be exploited remotely?

Yes, CVE-2012-0864 can be exploited remotely if an attacker provides a specially crafted executable.

What are the implications of CVE-2012-0864 for developers?

Developers must ensure proper handling of format strings and apply available fixes to prevent exploitation of CVE-2012-0864.

Vulnerability/
CVE-2012-0864

medium

6.8

CWE

190 189

17/2/2012

2/5/2013

6/8/2024

CVE-2012-0864: Integer Overflow

First published: Fri Feb 17 2012(Updated: )

In the Phrack article "A Eulogy for Format Strings", a researcher using nickname "Captain Planet" reported an integer overflow flaw in the format string protection mechanism offered by FORTIFY_SOURCE. A remote attacker could provide a specially crafted executable, leading to FORTIFY_SOURCE format string protection mechanism bypass, when executed. References: <a href="http://www.phrack.org/issues.html?issue=67&id=9#article">http://www.phrack.org/issues.html?issue=67&id=9#article</a> Upstream bug and Kees Cook's proposed patches: <a href="http://sourceware.org/bugzilla/show_bug.cgi?id=13656">http://sourceware.org/bugzilla/show_bug.cgi?id=13656</a> <a href="http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html">http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html</a> <a href="http://sourceware.org/ml/libc-alpha/2012-02/msg00012.html">http://sourceware.org/ml/libc-alpha/2012-02/msg00012.html</a> <a href="http://sourceware.org/ml/libc-alpha/2012-02/msg00073.html">http://sourceware.org/ml/libc-alpha/2012-02/msg00073.html</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
GNU C Library	=2.14

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-0864?
CVE-2012-0864 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2012-0864?
To fix CVE-2012-0864, upgrade to a patched version of GNU C Library (glibc) above version 2.14.
Who is affected by CVE-2012-0864?
CVE-2012-0864 affects applications using GNU C Library (glibc) version 2.14, particularly those relying on FORTIFY_SOURCE for format string protection.
Can CVE-2012-0864 be exploited remotely?
Yes, CVE-2012-0864 can be exploited remotely if an attacker provides a specially crafted executable.
What are the implications of CVE-2012-0864 for developers?
Developers must ensure proper handling of format strings and apply available fixes to prevent exploitation of CVE-2012-0864.

agent/type
agent/references
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-0864
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/gnu
canonical/gnu c library
version/gnu c library/2.14