Resource Management Errors in glibc

Do your applications use this vulnerable package? Test your applications

Overview

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

References

BUGTRAQ
Cert Vulnerability Note
Dead Link
Debian Security Tracker
Exploit DB
MISC
RedHat Bugzilla Bug
SECTRACK
SREASON
SREASONRES
Seclists Full Disclosure
Secunia Advisory
Security Focus

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

Low

CVE: CVE-2010-4052
CWE: CWE-399
Snyk ID: SNYK-DEBIAN10-GLIBC-356671
Disclosed: 13 Jan, 2011
Published: 13 Jan, 2011

Resource Management Errors
Affecting glibc package, versions *

Overview

References

CVSS Score

Resource Management Errors Affecting glibc package, versions *

Overview

References

Resource Management Errors
Affecting glibc package, versions *