5

CVE-2009-4880

Exploit
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGlibc Version <= 2.10.1
GnuGlibc Version2.0
GnuGlibc Version2.0.1
GnuGlibc Version2.0.2
GnuGlibc Version2.0.3
GnuGlibc Version2.0.4
GnuGlibc Version2.0.5
GnuGlibc Version2.0.6
GnuGlibc Version2.1
GnuGlibc Version2.1.1
GnuGlibc Version2.1.1.6
GnuGlibc Version2.1.2
GnuGlibc Version2.1.3
GnuGlibc Version2.1.9
GnuGlibc Version2.2
GnuGlibc Version2.2.1
GnuGlibc Version2.2.2
GnuGlibc Version2.2.3
GnuGlibc Version2.2.4
GnuGlibc Version2.2.5
GnuGlibc Version2.3
GnuGlibc Version2.3.1
GnuGlibc Version2.3.2
GnuGlibc Version2.3.3
GnuGlibc Version2.3.4
GnuGlibc Version2.3.5
GnuGlibc Version2.3.6
GnuGlibc Version2.3.10
GnuGlibc Version2.4
GnuGlibc Version2.5
GnuGlibc Version2.5.1
GnuGlibc Version2.6
GnuGlibc Version2.6.1
GnuGlibc Version2.7
GnuGlibc Version2.8
GnuGlibc Version2.9
GnuGlibc Version2.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.22% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.debian.org/security/2010/dsa-2058
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://secunia.com/advisories/39900
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://securityreason.com/achievement_securityalert/67
Exploit
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600
Exploit
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=199eb0de8d673fb23aa127721054b4f1803d61f3
http://www.securityfocus.com/bid/36443
Patch
Exploit
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=524671
https://exchange.xforce.ibmcloud.com/vulnerabilities/59242