{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2012-4424", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "[oss-security] 20130913 CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552)", "refsource" : "MLIST", "url" : "http://www.openwall.com/lists/oss-security/2012/09/13/16" }, { "name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", "refsource" : "CONFIRM", "url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=14547" }, { "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=858238", "refsource" : "CONFIRM", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=858238" }, { "name" : "GLSA-201503-04", "refsource" : "GENTOO", "url" : "https://security.gentoo.org/glsa/201503-04" }, { "name" : "MDVSA-2013:283", "refsource" : "MANDRIVA", "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283" }, { "name" : "MDVSA-2013:284", "refsource" : "MANDRIVA", "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284" }, { "name" : "USN-1991-1", "refsource" : "UBUNTU", "url" : "http://www.ubuntu.com/usn/USN-1991-1" } ] } }