CVE Vulnerabilities

CVE-2010-4052

Published: Jan 13, 2011 | Modified: Oct 10, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

Affected Software

Name Vendor Start Version End Version
Glibc Gnu 2.1.2 2.1.2
Glibc Gnu 2.11 2.11
Glibc Gnu 2.10.1 2.10.1
Glibc Gnu 1.00 1.00
Glibc Gnu 1.06 1.06
Glibc Gnu 2.1.1 2.1.1
Glibc Gnu 1.02 1.02
Glibc Gnu 1.07 1.07
Glibc Gnu 2.12.0 2.12.0
Glibc Gnu 2.1.1.6 2.1.1.6
Glibc Gnu 1.04 1.04
Glibc Gnu 1.01 1.01
Glibc Gnu 2.1 2.1
Glibc Gnu 1.09.1 1.09.1
Glibc Gnu 2.1.9 2.1.9
Glibc Gnu 2.12.1 2.12.1
Glibc Gnu 1.09 1.09
Glibc Gnu 2.10 2.10
Glibc Gnu 2.11.2 2.11.2
Glibc Gnu 1.03 1.03
Glibc Gnu 2.1.3.10 2.1.3.10
Glibc Gnu 2.11.3 2.11.3
Glibc Gnu 1.08 1.08
Glibc Gnu 2.11.1 2.11.1
Glibc Gnu 2.1.3 2.1.3
Glibc Gnu 1.05 1.05
Glibc Gnu 2.12.2 2.12.2
Glibc Gnu 2.10.2 2.10.2

References