PT-2009-1120 · Gnu+3 · Glibc+3

Padma81

Publicado

2009-12-04

Atualizado

2024-06-15

CVE-2009-5155

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions glibc versions prior to 2.28

Description The issue is related to the parse reg exp function in the GNU C Library, which misparses alternatives. This can allow attackers to cause a denial of service, resulting in an assertion failure and application exit, or trigger an incorrect result by attempting a regular-expression match. The vulnerability is associated with data processing errors.

Recommendations For versions prior to 2.28, update to version 2.28 or later to resolve the issue. As a temporary workaround, consider restricting the use of regular expressions in affected applications until a patch is available.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-19

Identificadores relacionados

ALT-PU-2019-3114

AZL-44574

AZL-44787

BDU:2021-05821

CVE-2009-5155

OPENSUSE-SU-2024:10792-1

SUSE-SU-2019:1102-1

SUSE-SU-2019:1877-1

SUSE-SU-2019:1958-1

SUSE-SU-2019:1958-2

SUSE-SU-2019_1102-1

SUSE-SU-2019_1877-1

SUSE-SU-2019_1958-1

SUSE-SU-2019_1958-2

USN-4954-1

Produtos afetados

Alt Linux

Suse

Ubuntu

Glibc

PT-2009-1120 · Gnu+3 · Glibc+3

CVE-2009-5155

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 82