PT-2011-1462 · Gnu+1 · Gnu C Library+2
Maksymilian Arciemowicz
·
Published
2011-01-13
·
Updated
2018-10-10
·
CVE-2010-4052
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
GNU C Library (aka glibc or libc6) versions 2.11.3 and earlier
GNU C Library (aka glibc or libc6) versions 2.12.x through 2.12.2
Description
A stack consumption issue in the regcomp implementation allows context-dependent attackers to cause a denial of service via a regular expression containing adjacent repetition operators. This can be demonstrated by a sequence such as
{10,}{10,}{10,}{10,} in the proftpd.gnu.c exploit for ProFTPD.Recommendations
For GNU C Library (aka glibc or libc6) versions 2.11.3 and earlier, update to a version later than 2.11.3 to resolve the issue.
For GNU C Library (aka glibc or libc6) versions 2.12.x through 2.12.2, update to a version later than 2.12.2 to resolve the issue.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gnu C Library
Junos
Proftpd