5

CVE-2010-4052

Exploit
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGlibc Version1.00
GnuGlibc Version1.01
GnuGlibc Version1.02
GnuGlibc Version1.03
GnuGlibc Version1.04
GnuGlibc Version1.05
GnuGlibc Version1.06
GnuGlibc Version1.07
GnuGlibc Version1.08
GnuGlibc Version1.09
GnuGlibc Version1.09.1
GnuGlibc Version2.1
GnuGlibc Version2.1.1
GnuGlibc Version2.1.1.6
GnuGlibc Version2.1.2
GnuGlibc Version2.1.3
GnuGlibc Version2.1.3.10
GnuGlibc Version2.1.9
GnuGlibc Version2.10
GnuGlibc Version2.10.1
GnuGlibc Version2.10.2
GnuGlibc Version2.11
GnuGlibc Version2.11.1
GnuGlibc Version2.11.2
GnuGlibc Version2.11.3
GnuGlibc Version2.12.0
GnuGlibc Version2.12.1
GnuGlibc Version2.12.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 51.3% 0.988
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://cxib.net/stuff/proftpd.gnu.c
Patch
http://seclists.org/fulldisclosure/2011/Jan/78
Exploit
http://secunia.com/advisories/42547
Vendor Advisory
http://securityreason.com/achievement_securityalert/93
Exploit
http://securityreason.com/securityalert/8003
Exploit
http://securitytracker.com/id?1024832
http://www.exploit-db.com/exploits/15935
http://www.kb.cert.org/vuls/id/912279
US Government Resource
http://www.securityfocus.com/archive/1/515589/100/0/threaded
http://www.securityfocus.com/bid/45233
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=645859
Exploit