CVE-2010-4052

Name of the Vulnerable Software and Affected Versions GNU C Library (aka glibc or libc6) versions 2.11.3 and earlier GNU C Library (aka glibc or libc6) versions 2.12.x through 2.12.2

Description A stack consumption issue in the regcomp implementation allows context-dependent attackers to cause a denial of service via a regular expression containing adjacent repetition operators. This can be demonstrated by a sequence such as {10,}{10,}{10,}{10,} in the proftpd.gnu.c exploit for ProFTPD.

Recommendations For GNU C Library (aka glibc or libc6) versions 2.11.3 and earlier, update to a version later than 2.11.3 to resolve the issue. For GNU C Library (aka glibc or libc6) versions 2.12.x through 2.12.2, update to a version later than 2.12.2 to resolve the issue.