Lucene search

K

[email protected]NVD:CVE-2011-1659

HistoryApr 08, 2011 - 3:17 p.m.

CVE-2011-1659

2011-04-0815:17:28

CWE-189

[email protected]

web.nvd.nist.gov

1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.6 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.

Affected configurations

NVD

Node

gnuglibcRange≤2.13

OR

gnuglibcMatch1.00

OR

gnuglibcMatch1.01

OR

gnuglibcMatch1.02

OR

gnuglibcMatch1.03

OR

gnuglibcMatch1.04

OR

gnuglibcMatch1.05

OR

gnuglibcMatch1.06

OR

gnuglibcMatch1.07

OR

gnuglibcMatch1.08

OR

gnuglibcMatch1.09

OR

gnuglibcMatch1.09.1

OR

gnuglibcMatch2.0

OR

gnuglibcMatch2.0.1

OR

gnuglibcMatch2.0.2

OR

gnuglibcMatch2.0.3

OR

gnuglibcMatch2.0.4

OR

gnuglibcMatch2.0.5

OR

gnuglibcMatch2.0.6

OR

gnuglibcMatch2.1

OR

gnuglibcMatch2.1.1

OR

gnuglibcMatch2.1.1.6

OR

gnuglibcMatch2.1.2

OR

gnuglibcMatch2.1.3

OR

gnuglibcMatch2.1.3.10

OR

gnuglibcMatch2.1.9

OR

gnuglibcMatch2.2

OR

gnuglibcMatch2.2.1

OR

gnuglibcMatch2.2.2

OR

gnuglibcMatch2.2.3

OR

gnuglibcMatch2.2.4

OR

gnuglibcMatch2.2.5

OR

gnuglibcMatch2.3

OR

gnuglibcMatch2.3.1

OR

gnuglibcMatch2.3.2

OR

gnuglibcMatch2.3.3

OR

gnuglibcMatch2.3.4

OR

gnuglibcMatch2.3.5

OR

gnuglibcMatch2.3.6

OR

gnuglibcMatch2.3.10

OR

gnuglibcMatch2.4

OR

gnuglibcMatch2.5

OR

gnuglibcMatch2.5.1

OR

gnuglibcMatch2.6

OR

gnuglibcMatch2.6.1

OR

gnuglibcMatch2.7

OR

gnuglibcMatch2.8

OR

gnuglibcMatch2.9

OR

gnuglibcMatch2.10

OR

gnuglibcMatch2.10.1

OR

gnuglibcMatch2.10.2

OR

gnuglibcMatch2.11

OR

gnuglibcMatch2.11.1

OR

gnuglibcMatch2.11.2

OR

gnuglibcMatch2.11.3

OR

gnuglibcMatch2.12.0

OR

gnuglibcMatch2.12.1

OR

gnuglibcMatch2.12.2

References

code.google.com/p/chromium/issues/detail?id=48733

scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html

secunia.com/advisories/44353

secunia.com/advisories/46397

sourceware.org/bugzilla/show_bug.cgi?id=12583

sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8126d90480fa3e0c5c5cd0d02cb1c93174b45485

www.mandriva.com/security/advisories?name=MDVSA-2011:178

www.mandriva.com/security/advisories?name=MDVSA-2011:179

www.securityfocus.com/archive/1/520102/100/0/threaded

www.securitytracker.com/id?1025450

www.vmware.com/security/advisories/VMSA-2011-0012.html

bugzilla.redhat.com/show_bug.cgi?id=681054

exchange.xforce.ibmcloud.com/vulnerabilities/66819

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.6 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

Related for NVD:CVE-2011-1659

f53 cvelist2 prion2 debiancve2 cve2 nessus27 ubuntucve2 oraclelinux3 openvas21 altlinux2 veracode2 redhat3 vmware4 securityvulns3 centos2 ibm1 gentoo1 ubuntu1 nvd1