CVE-2010-4051

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
gnuglibc
1.00
gnuglibc
1.01
gnuglibc
1.02
gnuglibc
1.03
gnuglibc
1.04
gnuglibc
1.05
gnuglibc
1.06
gnuglibc
1.07
gnuglibc
1.08
gnuglibc
1.09
gnuglibc
1.09.1
gnuglibc
2.1
gnuglibc
2.1.1
gnuglibc
2.1.1.6
gnuglibc
2.1.2
gnuglibc
2.1.3
gnuglibc
2.1.3.10
gnuglibc
2.1.9
gnuglibc
2.10
gnuglibc
2.10.1
gnuglibc
2.10.2
gnuglibc
2.11
gnuglibc
2.11.1
gnuglibc
2.11.2
gnuglibc
2.11.3
gnuglibc
2.12.0
gnuglibc
2.12.1
gnuglibc
2.12.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
maverick
ignored
lucid
ignored
karmic
ignored
hardy
dne
dapper
dne
glibc
maverick
dne
lucid
dne
karmic
dne
hardy
ignored
dapper
ignored
References
http://cxib.net/stuff/proftpd.gnu.c
http://seclists.org/fulldisclosure/2011/Jan/78
http://secunia.com/advisories/42547
http://securityreason.com/achievement_securityalert/93
http://securityreason.com/securityalert/8003
http://securitytracker.com/id?1024832
http://www.exploit-db.com/exploits/15935
http://www.kb.cert.org/vuls/id/912279
http://www.securityfocus.com/archive/1/515589/100/0/threaded
http://www.securityfocus.com/bid/45233
https://bugzilla.redhat.com/show_bug.cgi?id=645859
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E
http://cxib.net/stuff/proftpd.gnu.c
http://seclists.org/fulldisclosure/2011/Jan/78
http://secunia.com/advisories/42547
http://securityreason.com/achievement_securityalert/93
http://securityreason.com/securityalert/8003
http://securitytracker.com/id?1024832
http://www.exploit-db.com/exploits/15935
http://www.kb.cert.org/vuls/id/912279
http://www.securityfocus.com/archive/1/515589/100/0/threaded
http://www.securityfocus.com/bid/45233
https://bugzilla.redhat.com/show_bug.cgi?id=645859
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E