5

CVE-2010-4051

Exploit

EPSS 4.66%
Published 13.01.2011 19:00:02
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

Affected products Warnungen 0 Metrics 2 CWE 0 References 15

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Glibc Version1.00

Gnu ≫ Glibc Version1.01

Gnu ≫ Glibc Version1.02

Gnu ≫ Glibc Version1.03

Gnu ≫ Glibc Version1.04

Gnu ≫ Glibc Version1.05

Gnu ≫ Glibc Version1.06

Gnu ≫ Glibc Version1.07

Gnu ≫ Glibc Version1.08

Gnu ≫ Glibc Version1.09

Gnu ≫ Glibc Version1.09.1

Gnu ≫ Glibc Version2.1

Gnu ≫ Glibc Version2.1.1

Gnu ≫ Glibc Version2.1.1.6

Gnu ≫ Glibc Version2.1.2

Gnu ≫ Glibc Version2.1.3

Gnu ≫ Glibc Version2.1.3.10

Gnu ≫ Glibc Version2.1.9

Gnu ≫ Glibc Version2.10

Gnu ≫ Glibc Version2.10.1

Gnu ≫ Glibc Version2.10.2

Gnu ≫ Glibc Version2.11

Gnu ≫ Glibc Version2.11.1

Gnu ≫ Glibc Version2.11.2

Gnu ≫ Glibc Version2.11.3

Gnu ≫ Glibc Version2.12.0

Gnu ≫ Glibc Version2.12.1

Gnu ≫ Glibc Version2.12.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.66%	0.889

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E

http://cxib.net/stuff/proftpd.gnu.c

Patch

http://seclists.org/fulldisclosure/2011/Jan/78

Exploit

http://secunia.com/advisories/42547

Vendor Advisory

http://securityreason.com/achievement_securityalert/93

Exploit

http://securityreason.com/securityalert/8003

Exploit

http://securitytracker.com/id?1024832

http://www.exploit-db.com/exploits/15935

http://www.kb.cert.org/vuls/id/912279

US Government Resource

http://www.securityfocus.com/archive/1/515589/100/0/threaded

http://www.securityfocus.com/bid/45233

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=645859

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2010-4051

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-4051

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-4051

EUVD