Search for vulnerabilities
| Vulnerability ID | VCID-t2cp-754q-aaae |
| Aliases |
CVE-2010-4051
|
| Summary | The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 4.5 |
| Risk | 9.0 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| Data source | Exploit-DB |
|---|---|
| Date added | Jan. 7, 2011 |
| Description | GNU libc/regcomp(3) - Multiple Vulnerabilities |
| Ransomware campaign use | Unknown |
| Source publication date | Jan. 7, 2011 |
| Exploit type | dos |
| Platform | linux |
| Source update date | Jan. 7, 2011 |
| Source URL | http://securityreason.com/securityalert/8003 |
| Exploitability (E) | Access Vector (AV) | Access Complexity (AC) | Authentication (Au) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|
high functional unproven proof_of_concept not_defined |
local adjacent_network network |
high medium low |
multiple single none |
none partial complete |
none partial complete |
none partial complete |
| Percentile | 0.88570 |
| EPSS Score | 0.01820 |
| Published At | Nov. 1, 2024, midnight |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| There are no relevant records. | ||||