PT-2011-1211 · Gnu+1 · Gnu C Library+1

Maksymilian Arciemowicz · Published 2011-01-13 · Updated 2021-06-18 · CVE-2010-4051

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: GNU C Library (glibc or libc6) versions 2.11.3 and earlier, and 2.12.x through 2.12.2.
Description: The issue lies in the regcomp implementation, which allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation. Regular expressions containing specific sequences, such as {10,}{10,}{10,}{10,}{10,}, cause an application crash. The vulnerability stems from resource-management and coding errors and lets a remote attacker cause a denial of service (resource exhaustion) using regular expressions with repetition operators.
Recommendations: For GNU C Library (glibc or libc6) versions 2.11.3 and earlier, update to a version later than 2.11.3. For GNU C Library (glibc or libc6) versions 2.12.x through 2.12.2, update to a version later than 2.12.2. As a temporary workaround, consider restricting the use of regular expressions with repetition operators in untrusted input to minimize the risk of exploitation.
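The workaround above (restricting repetition operators in patterns that come from untrusted input) can be enforced before the pattern ever reaches regcomp. The following is an added example written for this advisory, not code from the glibc project or from the advisory's author: it screens a POSIX ERE pattern for interval expressions ("{m}", "{m,}", "{m,n}"), rejecting two intervals placed back to back (the shape reported for CVE-2010-4051), more than a fixed number of intervals, or a bound above a cap, and only then compiles it. The limits MAX_INTERVALS and MAX_BOUND, the function names, and the sample patterns are constructed for the example; the pattern screen is a generic input-hygiene measure, not the upstream fix.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Policy limits for patterns taken from untrusted input (constructed values
 * for this example; tune them for the application). */
#define MAX_INTERVALS 8     /* total "{m,n}" intervals allowed in one pattern */
#define MAX_BOUND     1000  /* largest m or n accepted inside an interval      */

/* Write a rejection reason into the caller's buffer, if one was supplied. */
static void explain(char *why, size_t whylen, const char *msg)
{
    if (why != NULL && whylen > 0)
        snprintf(why, whylen, "%s", msg);
}

/* Scan a POSIX ERE pattern. Returns 0 when it passes the policy, -1 when it
 * is rejected. Braces inside bracket expressions ("[{]") and escaped braces
 * ("\{") are literals and are not counted as intervals. */
int check_repetitions(const char *pattern, char *why, size_t whylen)
{
    int in_bracket = 0;        /* currently inside "[...]"            */
    int prev_was_interval = 0; /* the previous token was "{m,n}"      */
    int intervals = 0;

    for (const char *p = pattern; *p != '\0'; p++) {
        if (in_bracket) {                      /* everything is literal here */
            if (*p == ']') in_bracket = 0;
            continue;
        }
        if (*p == '\\' && p[1] != '\0') {      /* escaped character: literal */
            p++;
            prev_was_interval = 0;
            continue;
        }
        if (*p == '[') {
            in_bracket = 1;
            if (p[1] == '^') p++;              /* "[^]...]": ']' right after */
            if (p[1] == ']') p++;              /* '[' or '[^' is a literal   */
            prev_was_interval = 0;
            continue;
        }
        if (*p != '{') {
            prev_was_interval = 0;
            continue;
        }
        /* Interval expression: "{m}", "{m,}" or "{m,n}". */
        if (prev_was_interval) {
            explain(why, whylen, "adjacent interval expressions");
            return -1;
        }
        char *end;
        long m = strtol(p + 1, &end, 10);
        long n = m;
        if (end == p + 1 || m < 0) {
            explain(why, whylen, "malformed interval (no lower bound)");
            return -1;
        }
        if (*end == ',') {                     /* "{m,}" keeps n == m here  */
            char *end2;
            long upper = strtol(end + 1, &end2, 10);
            if (end2 != end + 1) n = upper;
            end = end2;
        }
        if (*end != '}' || n < m) {
            explain(why, whylen, "malformed interval");
            return -1;
        }
        if (m > MAX_BOUND || n > MAX_BOUND) {
            explain(why, whylen, "interval bound above MAX_BOUND");
            return -1;
        }
        if (++intervals > MAX_INTERVALS) {
            explain(why, whylen, "too many interval expressions");
            return -1;
        }
        prev_was_interval = 1;
        p = end;                               /* loop's p++ steps past '}' */
    }
    return 0;
}

/* Screen first, then compile with regcomp(). Returns 0 on success; a pattern
 * refused by the screen is reported as REG_BADRPT, regcomp() errors as-is. */
int compile_screened(const char *pattern, regex_t *re, char *why, size_t whylen)
{
    if (check_repetitions(pattern, why, whylen) != 0)
        return REG_BADRPT;
    int rc = regcomp(re, pattern, REG_EXTENDED | REG_NOSUB);
    if (rc != 0 && why != NULL)
        regerror(rc, re, why, whylen);
    return rc;
}

/* Convenience wrapper: 1 if the pattern passes the screen and compiles, else 0. */
int pattern_accepted(const char *pattern)
{
    regex_t re;
    if (compile_screened(pattern, &re, NULL, 0) != 0)
        return 0;
    regfree(&re);
    return 1;
}

int main(void)
{
    /* Constructed inputs; the first has the shape reported in the advisory. */
    const char *inputs[] = {
        "a{10,}{10,}{10,}{10,}{10,}",
        "(foo|bar){1,3}baz[{]{2}",
        "x{99999}",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        regex_t re;
        char why[128] = "";
        int rc = compile_screened(inputs[i], &re, why, sizeof why);
        printf("%-30s -> %s %s\n", inputs[i], rc == 0 ? "compiled" : "rejected:", why);
        if (rc == 0) regfree(&re);
    }
    return 0;
}
```

The screen deliberately runs before regcomp so that a vulnerable library never sees the adjacent-interval construction; on a patched glibc it still serves as a cheap complexity limit on attacker-controlled patterns.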

Exploit

Fix

Weakness Enumeration

Related identifiers

BDU:2016-02213
BDU:2016-02214
CVE-2010-4051

Affected products

Gnu C Library
Junos