History: Apr 08, 2011 - 3:17 p.m.

CVE-2011-1071

2011-04-08 15:17:27
CWE-399
redhat
web.nvd.nist.gov
gnu c library
glibc
libc6
eglibc
cve-2011-1071
stack extension attack
memory consumption
utf8 string
google chrome

CVSS2: 5.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score: 9.2
Confidence: High

EPSS: 0.022
Percentile: 89.6%

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a “stack extension attack,” a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

Affected configurations

Nvd
Node (entries joined by OR):
gnu eglibc
gnu glibc, Range 2.12.1
gnu glibc, Match: 1.00, 1.01, 1.02, 1.03, 1.04, 1.05, 1.06, 1.07, 1.08, 1.09, 1.09.1, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1, 2.1.1, 2.1.1.6, 2.1.2, 2.1.3, 2.1.3.10, 2.1.9, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.10, 2.4, 2.5, 2.5.1, 2.6, 2.6.1, 2.7, 2.8, 2.9, 2.10, 2.10.1, 2.10.2, 2.11, 2.11.1, 2.11.2, 2.11.3, 2.12.0

Vendor  Product  Version  CPE
gnu     eglibc   *        cpe:2.3:a:gnu:eglibc:*:*:*:*:*:*:*:*
gnu     glibc    *        cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
gnu     glibc    1.00     cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*
gnu     glibc    1.01     cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*
gnu     glibc    1.02     cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*
gnu     glibc    1.03     cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*
gnu     glibc    1.04     cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*
gnu     glibc    1.05     cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*
gnu     glibc    1.06     cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*
gnu     glibc    1.07     cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*

Rows 1-10 of 571
