CVE-2009-0537

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
microsoftinterix
6.0
openbsdopenbsd
𝑥
≤ 4.4
openbsdopenbsd
2.0
openbsdopenbsd
2.1
openbsdopenbsd
2.2
openbsdopenbsd
2.3
openbsdopenbsd
2.4
openbsdopenbsd
2.5
openbsdopenbsd
2.6
openbsdopenbsd
2.7
openbsdopenbsd
2.8
openbsdopenbsd
2.9
openbsdopenbsd
3.0
openbsdopenbsd
3.1
openbsdopenbsd
3.2
openbsdopenbsd
3.3
openbsdopenbsd
3.4
openbsdopenbsd
3.5
openbsdopenbsd
3.6
openbsdopenbsd
3.7
openbsdopenbsd
3.8
openbsdopenbsd
3.9
openbsdopenbsd
4.0
openbsdopenbsd
4.1
openbsdopenbsd
4.2
openbsdopenbsd
4.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glibc
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://securityreason.com/achievement_securityalert/60
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41%3Br2=1.42%3Bf=h
http://www.securityfocus.com/archive/1/501505/100/0/threaded
http://www.securityfocus.com/bid/34008
http://www.securitytracker.com/id?1021818
https://www.exploit-db.com/exploits/8163
http://securityreason.com/achievement_securityalert/60
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41%3Br2=1.42%3Bf=h
http://www.securityfocus.com/archive/1/501505/100/0/threaded
http://www.securityfocus.com/bid/34008
http://www.securitytracker.com/id?1021818
https://www.exploit-db.com/exploits/8163