Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GNU glibc 格式化打印功能权限许可和访问控制漏洞
Vulnerability Description
GNU C Library(又名glibc,libc6)是一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 2.5和2.12他版本中的stdio-common/vfprintf.c文件中的‘vfprintf’函数中存在安全漏洞,该漏洞源于程序在分配SPECS数组时,没有正确限制alloca函数的使用。攻击者可通过使用positional参数的格式字符串和大量的格式说明符利用该漏洞绕过FORTIFY_SOURCE格式字符串保护机制,造成拒绝服务(崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A