CVE-2009-5029
Advisory lineage Upstream: 0 Downstream: 5
Modified
Published: 02 May 2013, 14:00
Last modified:07 Aug 2024, 07:24
Vulnerability Summary
Overall Risk (default)
medium
38/100 CVSS Score
6.8 MEDIUM
v2.0 (nvd)
EPSS Score
2.77% LOW
3% probability -2.34%
KEV
Not listed
Ransomware
No reports
Public exploits
3 found
Dark Web
Not detected
Timeline
02 May 2013, 14:00
Published
Vulnerability first disclosed
07 Aug 2024, 07:24
Last Modified
Vulnerability information updated
Description
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
CVSS Metrics
- v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 2.77%• Percentile: 86%
Techniques & Countermeasures
- CWE-189•Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.
Affected Systems
- gnu•glibc
≤ 2.14 | 2.0 | 2.0.1 | 2.0.2 | 2.0.3 | 2.0.4 | 2.0.5 | 2.0.6 | 2.1 | 2.11 | 2.1.1.6 | 2.12 | 2.13 | 2.19
References (5)
- http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
- http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
- http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2
- http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
- https://bugzilla.redhat.com/show_bug.cgi?id=761245