OSVDB ID: 84710

Title: GNU C Library (glibc) Multiple Function Input String Parsing Integer Overflows

Info

Disclosure

Aug 12, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 25, 2012

Description

GNU C Library (glibc) is prone to an overflow condition. This issue is triggered by integer overflows in the strtod(), strtof(), strtold(), and strtod_l() functions when parsing input strings, which will result in a buffer overflow. With a specially crafted overly long string, a remote attacker can potentially execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: PoC Public
Disclosure: Vendor Verified

Solution

It has been reported that this issue has been fixed. Upgrade to version 2.17, or higher, to address this vulnerability.

Products

Free Software Foundation, Inc.

GNU C Library

2.16

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84710