cve-2010-4051
Vulnerability from cvelistv5
Published
2011-01-13 18:35
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42547"
},
{
"name": "1024832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024832"
},
{
"name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2011/Jan/78"
},
{
"name": "VU#912279",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/912279"
},
{
"name": "45233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45233"
},
{
"name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515589/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cxib.net/stuff/proftpd.gnu.c"
},
{
"name": "15935",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15935"
},
{
"name": "8003",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8003"
},
{
"name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/93"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=645859"
},
{
"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T14:06:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42547"
},
{
"name": "1024832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024832"
},
{
"name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2011/Jan/78"
},
{
"name": "VU#912279",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/912279"
},
{
"name": "45233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45233"
},
{
"name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515589/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cxib.net/stuff/proftpd.gnu.c"
},
{
"name": "15935",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15935"
},
{
"name": "8003",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8003"
},
{
"name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/93"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=645859"
},
{
"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42547"
},
{
"name": "1024832",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024832"
},
{
"name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Jan/78"
},
{
"name": "VU#912279",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/912279"
},
{
"name": "45233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45233"
},
{
"name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515589/100/0/threaded"
},
{
"name": "http://cxib.net/stuff/proftpd.gnu.c",
"refsource": "MISC",
"url": "http://cxib.net/stuff/proftpd.gnu.c"
},
{
"name": "15935",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15935"
},
{
"name": "8003",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8003"
},
{
"name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/93"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=645859",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=645859"
},
{
"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4051",
"datePublished": "2011-01-13T18:35:00",
"dateReserved": "2010-10-22T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA23C241-132B-423E-A22A-7206A8074D10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F79978B1-8831-4169-B815-80138C85832C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"991EB676-F043-418D-BD81-0BB937236D40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA0C5DB0-602E-4296-884C-60E24FC80458\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3211F47C-DF6D-4355-95F8-DED317700621\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"229BFD88-A90F-4D2B-97B9-822A7D87EAEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFE253B0-D8E0-4099-8CA7-8925B4809F88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D640F556-8181-4F15-B2F7-7EC7E8869FB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"061383CD-B9AD-41C6-8C46-F79870B9CD22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9897B03F-A457-4B29-9C5E-FEA084D3BF0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7C3684B-CE01-46B5-9E41-BF58E6A5AA64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E2A0F12-FD00-40B9-86AD-7D082385E5DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ED8F0E8-A969-4F7F-A100-662F4A5426FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9416576F-A605-45BE-AA01-FEF357A66979\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE582B8F-4E31-4D0F-B2F9-AC83C855F751\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB56D9C9-13B3-418C-B06C-0997E165F1C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AFD93D5-70BB-475C-BDD3-DEDE9965C5BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19D5667D-5EA4-4B44-BF8A-9C10506BD4E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3D70AB0-2910-4191-9980-5BA78E8F2E11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A30D0EE-1AED-4C99-8A22-24E47212F3FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A93600D-7271-4AF5-8133-C6AA5BC8543F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4169CA4B-C4F5-499A-A35A-49DD43AC0A22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C55E32EC-33A6-4145-9B76-C7E3DBACD1E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6423F0B5-E483-4DE9-B13F-3A7322F055DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0B4AFFF-A537-44BD-B97A-EFA9409DB8BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37880948-2AB5-491A-85E2-B7E271E03B1D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \\\"RE_DUP_MAX overflow.\\\"\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n de regcomp en la librer\\u00eda de C de GNU (tambi\\u00e9n conocido como glibc o libc6) desde v2.11.3 y v2.12.x hasta v2.12.2, permite a atacantes dependientes de contexto provocar una denegaci\\u00f3n de servicio (ca\\u00edda de la aplicaci\\u00f3n) a trav\\u00e9s de una expresi\\u00f3n regular que contiene repeticiones delimitadas adjacentes que pretenden evitar la limitaci\\u00f3n RE_DUP_MAX, como se demuestra mediante la secuencia {10} {10} {10} {10} {10} en el exploit proftpd.gnu.c para ProFTPD, relacionado con un desbordamiento de \\\"RE_DUP_MAX\\\".\"}]",
"id": "CVE-2010-4051",
"lastModified": "2024-11-21T01:20:08.980",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2011-01-13T19:00:02.900",
"references": "[{\"url\": \"http://cxib.net/stuff/proftpd.gnu.c\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2011/Jan/78\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/42547\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/achievement_securityalert/93\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://securityreason.com/securityalert/8003\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://securitytracker.com/id?1024832\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.exploit-db.com/exploits/15935\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/912279\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/515589/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/45233\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=645859\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://cxib.net/stuff/proftpd.gnu.c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2011/Jan/78\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/42547\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/achievement_securityalert/93\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://securityreason.com/securityalert/8003\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://securitytracker.com/id?1024832\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/15935\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/912279\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/515589/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/45233\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=645859\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2010-4051\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-01-13T19:00:02.900\",\"lastModified\":\"2024-11-21T01:20:08.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \\\"RE_DUP_MAX overflow.\\\"\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de regcomp en la librer\u00eda de C de GNU (tambi\u00e9n conocido como glibc o libc6) desde v2.11.3 y v2.12.x hasta v2.12.2, permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una expresi\u00f3n regular que contiene repeticiones delimitadas adjacentes que pretenden evitar la limitaci\u00f3n RE_DUP_MAX, como se demuestra mediante la secuencia {10} {10} {10} {10} {10} en el exploit proftpd.gnu.c para ProFTPD, relacionado con un desbordamiento de \\\"RE_DUP_MAX\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA23C241-132B-423E-A22A-7206A8074D10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F79978B1-8831-4169-B815-80138C85832C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"991EB676-F043-418D-BD81-0BB937236D40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA0C5DB0-602E-4296-884C-60E24FC80458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3211F47C-DF6D-4355-95F8-DED317700621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"229BFD88-A90F-4D2B-97B9-822A7D87EAEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE253B0-D8E0-4099-8CA7-8925B4809F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D640F556-8181-4F15-B2F7-7EC7E8869FB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"061383CD-B9AD-41C6-8C46-F79870B9CD22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9897B03F-A457-4B29-9C5E-FEA084D3BF0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7C3684B-CE01-46B5-9E41-BF58E6A5AA64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E2A0F12-FD00-40B9-86AD-7D082385E5DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ED8F0E8-A969-4F7F-A100-662F4A5426FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9416576F-A605-45BE-AA01-FEF357A66979\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE582B8F-4E31-4D0F-B2F9-AC83C855F751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB56D9C9-13B3-418C-B06C-0997E165F1C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AFD93D5-70BB-475C-BDD3-DEDE9965C5BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19D5667D-5EA4-4B44-BF8A-9C10506BD4E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3D70AB0-2910-4191-9980-5BA78E8F2E11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A30D0EE-1AED-4C99-8A22-24E47212F3FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A93600D-7271-4AF5-8133-C6AA5BC8543F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4169CA4B-C4F5-499A-A35A-49DD43AC0A22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C55E32EC-33A6-4145-9B76-C7E3DBACD1E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6423F0B5-E483-4DE9-B13F-3A7322F055DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0B4AFFF-A537-44BD-B97A-EFA9409DB8BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37880948-2AB5-491A-85E2-B7E271E03B1D\"}]}]}],\"references\":[{\"url\":\"http://cxib.net/stuff/proftpd.gnu.c\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://seclists.org/fulldisclosure/2011/Jan/78\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/42547\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/achievement_securityalert/93\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://securityreason.com/securityalert/8003\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://securitytracker.com/id?1024832\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.exploit-db.com/exploits/15935\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/912279\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/515589/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/45233\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=645859\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://cxib.net/stuff/proftpd.gnu.c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://seclists.org/fulldisclosure/2011/Jan/78\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/42547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/achievement_securityalert/93\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://securityreason.com/securityalert/8003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://securitytracker.com/id?1024832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/15935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/912279\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/515589/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/45233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=645859\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.