Launchpad CVE tracker

CVE 2012-3406

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

Related bugs and status

CVE-2012-3406 (Candidate) is related to these bugs:

Bug #613662: nscd doesn't cache host entries

		In	Importance	Status
613662	nscd doesn't cache host entries	eglibc (Ubuntu)	Medium	Fix Released
613662	nscd doesn't cache host entries	eglibc (Ubuntu Precise)	Undecided	Fix Released
613662	nscd doesn't cache host entries	eglibc (Ubuntu Quantal)	Undecided	Fix Released

Bug #929565: eglibc packaging in lucid break on epoch

Summary				In	Importance	Status
	929565	eglibc packaging in lucid break on epoch		eglibc (Ubuntu)	Undecided	Fix Released

Bug #956051: libc6 crash while running 'xm'

Summary				In	Importance	Status
	956051	libc6 crash while running 'xm'		eglibc (Ubuntu)	Undecided	Fix Released
	956051	libc6 crash while running 'xm'		eglibc (Ubuntu Precise)	High	Fix Released

Bug #979003: libc incorrectly detects AVX support

		In	Importance	Status
979003	libc incorrectly detects AVX support	eglibc (Ubuntu)	High	Fix Released
979003	libc incorrectly detects AVX support	eglibc (Ubuntu Lucid)	High	Fix Released
979003	libc incorrectly detects AVX support	eglibc (Ubuntu Precise)	High	Fix Released
979003	libc incorrectly detects AVX support	eglibc (Ubuntu Quantal)	High	Fix Released
979003	libc incorrectly detects AVX support	eglibc (Ubuntu Oneiric)	High	Fix Released

Bug #1000498: fmod() incorrectly returns NaN for (some?) denormalized inputs

		In	Importance	Status
1000498	fmod() incorrectly returns NaN for (some?) denormalized inputs	eglibc (Ubuntu)	Medium	Fix Released
1000498	fmod() incorrectly returns NaN for (some?) denormalized inputs	eglibc	Medium	Fix Released
1000498	fmod() incorrectly returns NaN for (some?) denormalized inputs	eglibc (Ubuntu Precise)	Medium	Fix Released
1000498	fmod() incorrectly returns NaN for (some?) denormalized inputs	eglibc (Ubuntu Quantal)	Medium	Fix Released

Bug #1007457: Bogus FPE on underflow for exp(double)

Summary				In	Importance	Status
	1007457	Bogus FPE on underflow for exp(double)		eglibc (Ubuntu)	Undecided	Fix Released
	1007457	Bogus FPE on underflow for exp(double)		eglibc (Ubuntu Precise)	Medium	Fix Released

Bug #1010069: bits/fcntl.h does not define AT_EMPTY_PATH

Summary				In	Importance	Status
	1010069	bits/fcntl.h does not define AT_EMPTY_PATH		eglibc (Ubuntu)	Medium	Fix Released
	1010069	bits/fcntl.h does not define AT_EMPTY_PATH		eglibc (Ubuntu Precise)	Medium	Fix Released

Bug #1016349: htons() returns wrong type on non-{i386,amd64} platforms

		In	Importance	Status
1016349	htons() returns wrong type on non-{i386,amd64} platforms	eglibc (Ubuntu)	Undecided	Fix Released
1016349	htons() returns wrong type on non-{i386,amd64} platforms	eglibc	Medium	Fix Released
1016349	htons() returns wrong type on non-{i386,amd64} platforms	glibc (Fedora)	Medium	Fix Released
1016349	htons() returns wrong type on non-{i386,amd64} platforms	eglibc (Ubuntu Precise)	Medium	Fix Released

Bug #1028038: sscanf always calls realloc/causes deadlock in google-perftools

Summary				In	Importance	Status
	1028038	sscanf always calls realloc/causes deadlock in google-perftools		eglibc (Ubuntu)	High	Fix Released
	1028038	sscanf always calls realloc/causes deadlock in google-perftools		eglibc (Ubuntu Precise)	High	Fix Released

Bug #1031301: Exploit for unpatched CVE reported in wild.

Summary				In	Importance	Status
	1031301	Exploit for unpatched CVE reported in wild.		eglibc (Ubuntu)	Undecided	Fix Released
	1031301	Exploit for unpatched CVE reported in wild.		glibc (Ubuntu)	Undecided	Fix Released

Bug #1085342: Pulseaudio applications hang (Totem, GNOME Shell etc.)

		In	Importance	Status
1085342	Pulseaudio applications hang (Totem, GNOME Shell etc.)	totem (Ubuntu)	Undecided	Invalid
1085342	Pulseaudio applications hang (Totem, GNOME Shell etc.)	GLibC	Medium	Fix Released
1085342	Pulseaudio applications hang (Totem, GNOME Shell etc.)	eglibc (Ubuntu)	Undecided	Fix Released
1085342	Pulseaudio applications hang (Totem, GNOME Shell etc.)	eglibc (Debian)	Unknown	Fix Released
1085342	Pulseaudio applications hang (Totem, GNOME Shell etc.)	eglibc (Ubuntu Precise)	Undecided	Won't Fix
1085342	Pulseaudio applications hang (Totem, GNOME Shell etc.)	totem (Ubuntu Precise)	Undecided	Invalid
1085342	Pulseaudio applications hang (Totem, GNOME Shell etc.)	eglibc (Ubuntu Quantal)	Undecided	Won't Fix
1085342	Pulseaudio applications hang (Totem, GNOME Shell etc.)	totem (Ubuntu Quantal)	Undecided	Invalid

Bug #1088677: rtld: limit self loading check to normal mode only

		In	Importance	Status
1088677	rtld: limit self loading check to normal mode only	eglibc (Ubuntu)	Undecided	Fix Released
1088677	rtld: limit self loading check to normal mode only	eglibc (Ubuntu Precise)	Undecided	Fix Released
1088677	rtld: limit self loading check to normal mode only	eglibc (Ubuntu Quantal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3406

References