CVE-2009-0537

2009-03-0921:30:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.002

Percentile

52.1%

JSON

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, © chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

OSVersionArchitecturePackageVersionFilename
Debian12allglibc< 2.36-9+deb12u8glibc_2.36-9+deb12u8_all.deb
Debian11allglibc< 2.31-13+deb11u11glibc_2.31-13+deb11u11_all.deb
Debian999allglibc< 2.40-2glibc_2.40-2_all.deb
Debian13allglibc< 2.40-2glibc_2.40-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	glibc	< 2.36-9+deb12u8	glibc_2.36-9+deb12u8_all.deb
Debian	11	all	glibc	< 2.31-13+deb11u11	glibc_2.31-13+deb11u11_all.deb
Debian	999	all	glibc	< 2.40-2	glibc_2.40-2_all.deb
Debian	13	all	glibc	< 2.40-2	glibc_2.40-2_all.deb