Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
GNU glibc 2.9
GNU glibc 2.6
GNU glibc 2.7
Gnu Glibc 1.01 (not an official CPE)
Gnu Glibc 1.02 (not an official CPE)
GNU glibc 2.4
GNU glibc 2.5
GNU glibc 2.3.10
Gnu Glibc 1.00 (not an official CPE)
Gnu Glibc 2.1.3.10 (not an official CPE)
Gnu Glibc 1.03 (not an official CPE)
Gnu Glibc 1.04 (not an official CPE)
Gnu Glibc 1.09 (not an official CPE)
GNU glibc 2.2.1
GNU glibc 2.1.2
GNU glibc 2.0.3
GNU glibc 2.1.1.6
GNU glibc 2.1.1
GNU glibc 2.0.2
Gnu Glibc 1.05 (not an official CPE)
Gnu Glibc 1.06 (not an official CPE)
Gnu Glibc 1.07 (not an official CPE)
Gnu Glibc 1.08 (not an official CPE)
GNU glibc 2.3.6
GNU glibc 2.3.5
GNU glibc 2.3.2
GNU glibc 2.2.3
GNU glibc 2.0.5
GNU glibc 2.3.1
GNU glibc 2.2.2
GNU glibc 2.1.3
GNU glibc 2.0.4
GNU glibc 2.6.1
GNU glibc 2.3.4
GNU glibc 2.2.5
GNU glibc 2.5.1
GNU glibc 2.3.3
GNU glibc 2.2.4
GNU glibc 2.0.6
GNU glibc 2.0.1
GNU glibc 2.8
GNU glibc 2.3
GNU glibc 2.2
GNU glibc 2.1.9
GNU glibc 2.1
GNU glibc 2.0