5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.038 Low
EPSS
Percentile
91.8%
Multiple integer overflows in the strfmon implementation in the GNU C
Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent
attackers to cause a denial of service (memory consumption or application
crash) via a crafted format string, as demonstrated by a crafted first
argument to the money_format function in PHP, a related issue to
CVE-2008-1391.