Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GNU glibc 格式化打印功能数字错误漏洞
Vulnerability Description
GNU C Library(又名glibc,libc6)是一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 2.14版本中的stdio-common/vfprintf.c文件中的‘vfprintf’函数中存在安全漏洞,该漏洞源于程序没有正确地计算缓冲区长度。攻击者可借助带有大量格式说明符的格式字符串利用该漏洞绕过FORTIFY_SOURCE格式字符串保护机制,造成拒绝服务(段错误和崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A