5

CVE-2010-4051

Exploit
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGlibc Version1.00
GnuGlibc Version1.01
GnuGlibc Version1.02
GnuGlibc Version1.03
GnuGlibc Version1.04
GnuGlibc Version1.05
GnuGlibc Version1.06
GnuGlibc Version1.07
GnuGlibc Version1.08
GnuGlibc Version1.09
GnuGlibc Version1.09.1
GnuGlibc Version2.1
GnuGlibc Version2.1.1
GnuGlibc Version2.1.1.6
GnuGlibc Version2.1.2
GnuGlibc Version2.1.3
GnuGlibc Version2.1.3.10
GnuGlibc Version2.1.9
GnuGlibc Version2.10
GnuGlibc Version2.10.1
GnuGlibc Version2.10.2
GnuGlibc Version2.11
GnuGlibc Version2.11.1
GnuGlibc Version2.11.2
GnuGlibc Version2.11.3
GnuGlibc Version2.12.0
GnuGlibc Version2.12.1
GnuGlibc Version2.12.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 40% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E
http://cxib.net/stuff/proftpd.gnu.c
Patch
http://seclists.org/fulldisclosure/2011/Jan/78
Exploit
http://secunia.com/advisories/42547
Vendor Advisory
http://securityreason.com/achievement_securityalert/93
Exploit
http://securityreason.com/securityalert/8003
Exploit
http://securitytracker.com/id?1024832
http://www.exploit-db.com/exploits/15935
http://www.kb.cert.org/vuls/id/912279
US Government Resource
http://www.securityfocus.com/archive/1/515589/100/0/threaded
http://www.securityfocus.com/bid/45233
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=645859
Exploit