Launchpad.net

CVE 2012-4424

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

Related bugs and status

CVE-2012-4424 (Candidate) is related to these bugs:

Bug #1020210: Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption

		In	Importance	Status
1020210	Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption	eglibc (Ubuntu)	Undecided	Fix Released
1020210	Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption	eglibc	Medium	Fix Released
1020210	Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption	eglibc (Ubuntu Precise)	Undecided	Fix Released

Bug #1048203: (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow

		In	Importance	Status
1048203	(CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow	eglibc (Ubuntu)	Undecided	Fix Released
1048203	(CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow	Fedora	Medium	Won't Fix
1048203	(CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow	Gentoo Linux	High	Fix Released
1048203	(CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow	GLibC	Medium	Fix Released
1048203	(CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow	eglibc (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-4424

Related bugs and status

Related bugs

References