CVE-2009-4880

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
gnuglibc
𝑥
≤ 2.10.1
gnuglibc
2.0
gnuglibc
2.0.1
gnuglibc
2.0.2
gnuglibc
2.0.3
gnuglibc
2.0.4
gnuglibc
2.0.5
gnuglibc
2.0.6
gnuglibc
2.1
gnuglibc
2.1.1
gnuglibc
2.1.1.6
gnuglibc
2.1.2
gnuglibc
2.1.3
gnuglibc
2.1.9
gnuglibc
2.2
gnuglibc
2.2.1
gnuglibc
2.2.2
gnuglibc
2.2.3
gnuglibc
2.2.4
gnuglibc
2.2.5
gnuglibc
2.3
gnuglibc
2.3.1
gnuglibc
2.3.2
gnuglibc
2.3.3
gnuglibc
2.3.4
gnuglibc
2.3.5
gnuglibc
2.3.6
gnuglibc
2.3.10
gnuglibc
2.4
gnuglibc
2.5
gnuglibc
2.5.1
gnuglibc
2.6
gnuglibc
2.6.1
gnuglibc
2.7
gnuglibc
2.8
gnuglibc
2.9
gnuglibc
2.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
lucid
Fixed 2.11.1-0ubuntu7.1
released
karmic
Fixed 2.10.1-0ubuntu17
released
jaunty
dne
hardy
dne
dapper
dne
glibc
lucid
dne
karmic
dne
jaunty
Fixed 2.9-4ubuntu6.2
released
hardy
Fixed 2.7-10ubuntu6
released
dapper
Fixed 2.3.6-0ubuntu20.6
released
Common Weakness Enumeration
References
http://secunia.com/advisories/39900
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://securityreason.com/achievement_securityalert/67
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=199eb0de8d673fb23aa127721054b4f1803d61f3
http://www.debian.org/security/2010/dsa-2058
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://www.securityfocus.com/bid/36443
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
https://bugzilla.redhat.com/show_bug.cgi?id=524671
https://exchange.xforce.ibmcloud.com/vulnerabilities/59242
http://secunia.com/advisories/39900
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://securityreason.com/achievement_securityalert/67
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=199eb0de8d673fb23aa127721054b4f1803d61f3
http://www.debian.org/security/2010/dsa-2058
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://www.securityfocus.com/bid/36443
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
https://bugzilla.redhat.com/show_bug.cgi?id=524671
https://exchange.xforce.ibmcloud.com/vulnerabilities/59242