CVE-2012-3405

Name of the Vulnerable Software and Affected Versions GNU C Library (aka glibc) versions 2.14 and other versions

Description The issue arises from a miscalculation of buffer length in the vfprintf function, allowing attackers to bypass format-string protection and cause a denial of service, resulting in a segmentation fault and crash. This occurs when a format string contains a large number of format specifiers, triggering desynchronization within the buffer size handling.

Recommendations For GNU C Library (aka glibc) versions 2.14 and other versions, consider disabling the vfprintf function as a temporary workaround until a patch is available. Restrict the use of format strings with multiple format specifiers to minimize the risk of exploitation.