CVE-2009-4881

Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 01 Jun 2010, 20:00
Last modified:07 Aug 2024, 07:17

Vulnerability Summary

Overall Risk (default)
low
20/100
CVSS Score
5 MEDIUM
v2.0 (nvd)
EPSS Score
0.6% LOW
1% probability -0.07%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

01 Jun 2010, 20:00
Published
Vulnerability first disclosed
07 Aug 2024, 07:17
Last Modified
Vulnerability information updated

Description

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.

CVSS Metrics

  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.60% Percentile: 70%

Techniques & Countermeasures

  • CWE-189Numeric Errors

    Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

  • gnuglibc

    ≤ 2.9 | 1.00 | 1.01 | 1.02 | 1.03 | 1.04 | 1.05 | 1.06 | 1.07 | 1.08 | 1.09 | 2.0 | 2.0.1 | 2.0.2 | 2.0.3 | 2.0.4 | 2.0.5 | 2.0.6 | 2.1 | 2.11 | 2.1.1.6 | 2.12 | 2.13 | 2.1.3.10 | 2.19 | 2.2 | 2.21 | 2.22 | 2.23 | 2.2.4 | 2.25 | 2.3 | 2.3.1 | 2.3.2 | 2.33 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.10 | 2.4 | 2.5 | 2.5.1 | 2.6 | 2.6.1 | 2.7 | 2.8

References (6)