Description

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Related CPE's

a

gnu

glibc

Vulnerable

References

http://cxib.net/stuff/glob-0day.c

Exploit

http://securityreason.com/achievement_securityalert/89

Exploit

http://securityreason.com/exploitalert/9223

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=681681

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756

Weaknesses

[email protected]

Primary
CWE-399

CVSS impact metrics

AV:N/AC:L/Au:S/C:N/I:N/A:P

4 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2011-03-02T20:00:01.037

13 years ago

Last modified

2021-09-01T12:15:07.193

2 years ago