What is the severity of CVE-2012-4412?

CVE-2012-4412 has a high severity rating due to the potential for remote code execution through a buffer overflow.

How do I fix CVE-2012-4412?

To fix CVE-2012-4412, upgrade to a version of glibc that is higher than 2.17.

Which versions of glibc are affected by CVE-2012-4412?

CVE-2012-4412 affects glibc versions from 2.0 up to and including 2.17.

What impact does CVE-2012-4412 have on systems?

Systems affected by CVE-2012-4412 may experience a buffer overflow, which can lead to arbitrary code execution.

Is CVE-2012-4412 a local or remote vulnerability?

CVE-2012-4412 is primarily a remote vulnerability that can be exploited over a network.

Vulnerability/
CVE-2012-4412

high

7.5

CWE

119 190 189

7/9/2012

9/10/2013

13/6/2019

CVE-2012-4412: Buffer Overflow

First published: Fri Sep 07 2012(Updated: )

An integer overflow, leading to buffer overflow flaw was found in the way the implementation of strcoll() routine, used to compare two strings based on the current locale, of glibc, the GNU libc libraries, performed calculation of memory requirements / allocation, needed for storage of the strings. If an application linked against glibc was missing an application-level sanity checks for validity of strcoll() arguments and accepted untrusted input, an attacker could use this flaw to cause the particular application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Upstream bug report (including reproducer): [1] <a href="http://sourceware.org/bugzilla/show_bug.cgi?id=14547">http://sourceware.org/bugzilla/show_bug.cgi?id=14547</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
GNU C Library (glibc)	<=2.17
GNU C Library (glibc)	=2.0
GNU C Library (glibc)	=2.0.1
GNU C Library (glibc)	=2.0.2
GNU C Library (glibc)	=2.0.3
GNU C Library (glibc)	=2.0.4
GNU C Library (glibc)	=2.0.5
GNU C Library (glibc)	=2.0.6
GNU C Library (glibc)	=2.1
GNU C Library (glibc)	=2.1.1
GNU C Library (glibc)	=2.1.1.6
GNU C Library (glibc)	=2.1.2
GNU C Library (glibc)	=2.1.3
GNU C Library (glibc)	=2.1.9
GNU C Library (glibc)	=2.10.1
GNU C Library (glibc)	=2.11
GNU C Library (glibc)	=2.11.1
GNU C Library (glibc)	=2.11.2
GNU C Library (glibc)	=2.11.3
GNU C Library (glibc)	=2.12.1
GNU C Library (glibc)	=2.12.2
GNU C Library (glibc)	=2.13
GNU C Library (glibc)	=2.14
GNU C Library (glibc)	=2.14.1
GNU C Library (glibc)	=2.15
GNU C Library (glibc)	=2.16

Remedy

http://sourceware.org/bugzilla/show_bug.cgi?id=14547

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4412?
CVE-2012-4412 has a high severity rating due to the potential for remote code execution through a buffer overflow.
How do I fix CVE-2012-4412?
To fix CVE-2012-4412, upgrade to a version of glibc that is higher than 2.17.
Which versions of glibc are affected by CVE-2012-4412?
CVE-2012-4412 affects glibc versions from 2.0 up to and including 2.17.
What impact does CVE-2012-4412 have on systems?
Systems affected by CVE-2012-4412 may experience a buffer overflow, which can lead to arbitrary code execution.
Is CVE-2012-4412 a local or remote vulnerability?
CVE-2012-4412 is primarily a remote vulnerability that can be exploited over a network.

collector/redhat-bugzilla
alias/CVE-2012-4412
agent/weakness
agent/severity
agent/author
agent/type
agent/event
agent/first-publish-date
agent/remedy
agent/tags
agent/softwarecombine
agent/last-modified-date
agent/description
agent/references
collector/nvd-index
agent/software-canonical-lookup-request
vendor/gnu
canonical/gnu c library (glibc)
version/gnu c library (glibc)/2.17
version/gnu c library (glibc)/2.0
version/gnu c library (glibc)/2.0.1
version/gnu c library (glibc)/2.0.2
version/gnu c library (glibc)/2.0.3
version/gnu c library (glibc)/2.0.4
version/gnu c library (glibc)/2.0.5
version/gnu c library (glibc)/2.0.6
version/gnu c library (glibc)/2.1
version/gnu c library (glibc)/2.1.1
version/gnu c library (glibc)/2.1.1.6
version/gnu c library (glibc)/2.1.2
version/gnu c library (glibc)/2.1.3
version/gnu c library (glibc)/2.1.9
version/gnu c library (glibc)/2.10.1
version/gnu c library (glibc)/2.11
version/gnu c library (glibc)/2.11.1
version/gnu c library (glibc)/2.11.2
version/gnu c library (glibc)/2.11.3
version/gnu c library (glibc)/2.12.1
version/gnu c library (glibc)/2.12.2
version/gnu c library (glibc)/2.13
version/gnu c library (glibc)/2.14
version/gnu c library (glibc)/2.14.1
version/gnu c library (glibc)/2.15
version/gnu c library (glibc)/2.16

CVE-2012-4412: Buffer Overflow

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4412?

How do I fix CVE-2012-4412?

Which versions of glibc are affected by CVE-2012-4412?

What impact does CVE-2012-4412 have on systems?

Is CVE-2012-4412 a local or remote vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-4412?

How do I fix CVE-2012-4412?

Which versions of glibc are affected by CVE-2012-4412?

What impact does CVE-2012-4412 have on systems?

Is CVE-2012-4412 a local or remote vulnerability?