CVE-2010-4051
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/01/2011
Last modified:
07/11/2023
Description
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://cxib.net/stuff/proftpd.gnu.c
- http://seclists.org/fulldisclosure/2011/Jan/78
- http://secunia.com/advisories/42547
- http://securityreason.com/achievement_securityalert/93
- http://securityreason.com/securityalert/8003
- http://securitytracker.com/id?1024832=
- http://www.exploit-db.com/exploits/15935
- http://www.kb.cert.org/vuls/id/912279
- http://www.securityfocus.com/archive/1/515589/100/0/threaded
- http://www.securityfocus.com/bid/45233
- https://bugzilla.redhat.com/show_bug.cgi?id=645859
- https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E