CVE-2009-5029

Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
gnuglibc
𝑥
≤ 2.14
gnuglibc
2.0
gnuglibc
2.0.1
gnuglibc
2.0.2
gnuglibc
2.0.3
gnuglibc
2.0.4
gnuglibc
2.0.5
gnuglibc
2.0.6
gnuglibc
2.1
gnuglibc
2.1.1
gnuglibc
2.1.1.6
gnuglibc
2.1.2
gnuglibc
2.1.3
gnuglibc
2.1.9
gnuglibc
2.13
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
oneiric
Fixed 2.13-20ubuntu5.1
released
natty
Fixed 2.13-0ubuntu13.1
released
maverick
Fixed 2.12.1-0ubuntu10.4
released
lucid
Fixed 2.11.1-0ubuntu7.10
released
hardy
dne
glibc
oneiric
dne
natty
dne
maverick
dne
lucid
dne
hardy
Fixed 2.7-10ubuntu8.1
released
Common Weakness Enumeration
References
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2
http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
https://bugzilla.redhat.com/show_bug.cgi?id=761245
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2
http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
https://bugzilla.redhat.com/show_bug.cgi?id=761245