Vulnerability details: VCID-u8ab-btzu-aaap
Vulnerability ID VCID-u8ab-btzu-aaap
Aliases CVE-2009-5029
Summary Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Weaknesses (2)
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0058
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0125
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0126
epss 0.00745 https://api.first.org/data/v1/epss?cve=CVE-2009-5029
epss 0.00801 https://api.first.org/data/v1/epss?cve=CVE-2009-5029
epss 0.01220 https://api.first.org/data/v1/epss?cve=CVE-2009-5029
epss 0.02765 https://api.first.org/data/v1/epss?cve=CVE-2009-5029
epss 0.10644 https://api.first.org/data/v1/epss?cve=CVE-2009-5029
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2009-5029
Reference id Reference type URL
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5029.json
https://api.first.org/data/v1/epss?cve=CVE-2009-5029
https://bugzilla.redhat.com/show_bug.cgi?id=761245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
http://sourceware.org/git/?p=glibc.git;a=commit;h=97ac2654b2d831acaa18a2b018b0736245903fd2
http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
656108 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656108
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
CVE-2009-5029 https://nvd.nist.gov/vuln/detail/CVE-2009-5029
CVE-2009-5029;OSVDB-77508 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/36404.c
CVE-2009-5029;OSVDB-77508 Exploit https://www.securityfocus.com/bid/50898/info
GLSA-201312-01 https://security.gentoo.org/glsa/201312-01
RHSA-2012:0058 https://access.redhat.com/errata/RHSA-2012:0058
RHSA-2012:0125 https://access.redhat.com/errata/RHSA-2012:0125
RHSA-2012:0126 https://access.redhat.com/errata/RHSA-2012:0126
USN-1396-1 https://usn.ubuntu.com/1396-1/
Data source Exploit-DB
Date added June 1, 2009
Description GNU glibc - Timezone Parsing Remote Integer Overflow
Ransomware campaign use Known
Source publication date June 1, 2009
Exploit type dos
Platform linux
Source update date March 16, 2015
Source URL https://www.securityfocus.com/bid/50898/info
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-5029
Exploit Prediction Scoring System (EPSS)
Percentile 0.81537
EPSS Score 0.00745
Published At Dec. 3, 2024, midnight