CVE-2011-2168

EUVD-2011-2160
Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
openbsdopenbsd
𝑥
≤ 4.8
openbsdopenbsd
2.0
openbsdopenbsd
2.1
openbsdopenbsd
2.2
openbsdopenbsd
2.3
openbsdopenbsd
2.4
openbsdopenbsd
2.5
openbsdopenbsd
2.6
openbsdopenbsd
2.7
openbsdopenbsd
2.8
openbsdopenbsd
2.9
openbsdopenbsd
3.0
openbsdopenbsd
3.1
openbsdopenbsd
3.2
openbsdopenbsd
3.3
openbsdopenbsd
3.4
openbsdopenbsd
3.5
openbsdopenbsd
3.6
openbsdopenbsd
3.7
openbsdopenbsd
3.8
openbsdopenbsd
3.9
openbsdopenbsd
4.0
openbsdopenbsd
4.1
openbsdopenbsd
4.2
openbsdopenbsd
4.3
openbsdopenbsd
4.4
openbsdopenbsd
4.5
openbsdopenbsd
4.6
openbsdopenbsd
4.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securityreason.com/achievement_securityalert/97
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34%3Br2=1.35%3Bf=h
http://www.securityfocus.com/bid/48004
http://securityreason.com/achievement_securityalert/97
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34%3Br2=1.35%3Bf=h
http://www.securityfocus.com/bid/48004