PT-2009-1120 · Gnu+3 · Glibc+3

Padma81

Published

2009-12-04

Updated

2024-06-15

CVE-2009-5155

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions glibc versions prior to 2.28

Description The issue is related to the parse reg exp function in the GNU C Library, which misparses alternatives. This can allow attackers to cause a denial of service, resulting in an assertion failure and application exit, or trigger an incorrect result by attempting a regular-expression match. The vulnerability is associated with data processing errors.

Recommendations For versions prior to 2.28, update to version 2.28 or later to resolve the issue. As a temporary workaround, consider restricting the use of regular expressions in affected applications until a patch is available.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

ALT-PU-2019-3114

AZL-44574

AZL-44787

BDU:2021-05821

CVE-2009-5155

OPENSUSE-SU-2024:10792-1

SUSE-SU-2019:1102-1

SUSE-SU-2019:1877-1

SUSE-SU-2019:1958-1

SUSE-SU-2019:1958-2

SUSE-SU-2019_1102-1

SUSE-SU-2019_1877-1

SUSE-SU-2019_1958-1

SUSE-SU-2019_1958-2

USN-4954-1

Affected Products

Alt Linux

Suse

Ubuntu

Glibc

PT-2009-1120 · Gnu+3 · Glibc+3

CVE-2009-5155

Weakness Enumeration

Related Identifiers

Affected Products

References · 82