[Bug 1048203] Re: (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow
Bug Watch Updater
1048203 at bugs.launchpad.net
Sun Nov 10 11:42:02 UTC 2013
** Changed in: eglibc (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1048203
Title:
(CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer
overflow
Status in The GNU C Library:
Fix Released
Status in “eglibc” package in Ubuntu:
Confirmed
Status in “eglibc” package in Debian:
Fix Released
Status in Fedora:
Unknown
Status in Gentoo Linux:
Unknown
Bug description:
An integer overflow, leading to buffer overflow flaw was found in the
way the implementation of strcoll() routine, used to compare two
strings based on the current locale, of glibc, the GNU libc libraries,
performed calculation of memory requirements / allocation, needed for
storage of the strings. If an application linked against glibc was
missing an application-level sanity checks for validity of strcoll()
arguments and accepted untrusted input, an attacker could use this
flaw to cause the particular application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application.
Upstream bug report (including reproducer):
[1] http://sourceware.org/bugzilla/show_bug.cgi?id=14547
To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/1048203/+subscriptions
More information about the foundations-bugs
mailing list