Vulnerability CVE-2010-4051


Published: 2011-01-13   Modified: 2011-02-02

Description:
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

See advisories in our WLB2 database:
Topic
Author
Date
Med.
GNU libc/regcomp(3) Multiple Vulnerabilities
Maksymilian Arci...
07.01.2011
High
proftpd multiple exploit for VU#912279 (only with GNU libc/regcomp(3))
Maksymilian Arci...
07.01.2011
Med.
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
CXSECURITY
13.03.2014

Type:

CWE-noinfo

Vendor: GNU
Product: Glibc 
Version:
2.12.2
2.12.1
2.12.0
2.11.3
2.11.2
2.11.1
2.11
2.10.2
2.10.1
2.10
2.1.9
2.1.3.10
2.1.3
2.1.2
2.1.1.6
2.1.1
1.09.1
1.09
1.08
1.07
1.06
1.05
1.04
1.03
1.02
1.01
1.00

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.kb.cert.org/vuls/id/912279
http://cxib.net/stuff/proftpd.gnu.c
https://bugzilla.redhat.com/show_bug.cgi?id=645859
http://www.securityfocus.com/bid/45233
http://www.securityfocus.com/archive/1/archive/1/515589/100/0/threaded
http://www.exploit-db.com/exploits/15935
http://securitytracker.com/id?1024832
http://securityreason.com/securityalert/8003
http://securityreason.com/achievement_securityalert/93
http://secunia.com/advisories/42547
http://seclists.org/fulldisclosure/2011/Jan/78

Related CVE
CVE-2017-15025
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.
CVE-2017-15022
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or...
CVE-2017-15023
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer de...
CVE-2017-15024
find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF f...
CVE-2017-15020
dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via ...
CVE-2017-15021
bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafte...
CVE-2017-14974
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (...
CVE-2017-14940
scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF f...

Copyright 2017, cxsecurity.com

 

Back to Top