Search for vulnerabilities
Vulnerability details: VCID-z54v-76h3-aaae
Vulnerability ID VCID-z54v-76h3-aaae
Aliases CVE-2009-5155
Summary In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-19 Data Processing Errors
CWE-20 Improper Input Validation
CWE-185 Incorrect Regular Expression
System Score Found at
generic_textual Negligible http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-5155.html
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5155.json
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00469 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00598 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00598 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00598 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.00598 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
epss 0.03378 https://api.first.org/data/v1/epss?cve=CVE-2009-5155
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1683683
generic_textual Negligible https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155
cvssv3 4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
cvssv3.1 8.8 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2009-5155
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2009-5155
generic_textual Negligible https://ubuntu.com/security/notices/USN-4954-1
Reference id Reference type URL
http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272
http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-5155.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5155.json
https://api.first.org/data/v1/epss?cve=CVE-2009-5155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://security.netapp.com/advisory/ntap-20190315-0002/
https://sourceware.org/bugzilla/show_bug.cgi?id=11053
https://sourceware.org/bugzilla/show_bug.cgi?id=18986
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=eb04c21373e2a2885f3d52ff192b0499afe3c672
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672
https://support.f5.com/csp/article/K64119434
https://support.f5.com/csp/article/K64119434?utm_source=f5support&amp%3Butm_medium=RSS
https://support.f5.com/csp/article/K64119434?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/notices/USN-4954-1
1683683 https://bugzilla.redhat.com/show_bug.cgi?id=1683683
924613 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924613
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
CVE-2009-5155 https://nvd.nist.gov/vuln/detail/CVE-2009-5155
USN-4954-1 https://usn.ubuntu.com/4954-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5155.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-5155
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2009-5155
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.76058
EPSS Score 0.00469
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.