CVE-2011-2168

Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
openbsdopenbsd
𝑥
≤ 4.8
openbsdopenbsd
2.0
openbsdopenbsd
2.1
openbsdopenbsd
2.2
openbsdopenbsd
2.3
openbsdopenbsd
2.4
openbsdopenbsd
2.5
openbsdopenbsd
2.6
openbsdopenbsd
2.7
openbsdopenbsd
2.8
openbsdopenbsd
2.9
openbsdopenbsd
3.0
openbsdopenbsd
3.1
openbsdopenbsd
3.2
openbsdopenbsd
3.3
openbsdopenbsd
3.4
openbsdopenbsd
3.5
openbsdopenbsd
3.6
openbsdopenbsd
3.7
openbsdopenbsd
3.8
openbsdopenbsd
3.9
openbsdopenbsd
4.0
openbsdopenbsd
4.1
openbsdopenbsd
4.2
openbsdopenbsd
4.3
openbsdopenbsd
4.4
openbsdopenbsd
4.5
openbsdopenbsd
4.6
openbsdopenbsd
4.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securityreason.com/achievement_securityalert/97
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34%3Br2=1.35%3Bf=h
http://www.securityfocus.com/bid/48004
http://securityreason.com/achievement_securityalert/97
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34%3Br2=1.35%3Bf=h
http://www.securityfocus.com/bid/48004