CVE-2012-3404

Name of the Vulnerable Software and Affected Versions glibc version 2.12

Description The issue is related to the vfprintf function in the GNU C Library, which does not properly calculate a buffer length. This allows attackers to bypass the FORTIFY SOURCE format-string protection mechanism, potentially causing a denial of service due to stack corruption and crash. The attack is context-dependent and involves the use of a format string with positional parameters and many format specifiers.

Recommendations For glibc version 2.12, consider applying a patch or updating to a newer version that addresses this issue, as the current version does not properly handle buffer length calculations in the vfprintf function.