CVE-2011-1071

Advisory lineage Upstream: 0 Downstream: 4

Downstream

DEBIAN-CVE-2011-1071 RHSA-2011:0412 RHSA-2011:0413 RHSA-2012:0125

Modified

Published: 08 Apr 2011, 15:00

Last modified:06 Aug 2024, 22:14

Vulnerability Summary

Overall Risk (default)

medium

32/100

CVSS Score

5.1 MEDIUM

v2.0 (nvd)

EPSS Score

6.78% LOW

7% probability +2.70%

KEV

Not listed

Ransomware

No reports

Public exploits

9 found

Dark Web

Not detected

Timeline

08 Apr 2011, 15:00

Published

Vulnerability first disclosed

06 Aug 2024, 22:14

Last Modified

Vulnerability information updated

Description

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

CVSS Metrics

v2.0•MEDIUM•Score: 5.1AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 6.78%• Percentile: 91%

Techniques & Countermeasures

CWE-399•Resource Management Errors
Weaknesses in this category are related to improper management of system resources.

Affected Systems

gnu•glibc
≤ 2.12.1 | 1.00 | 1.01 | 1.02 | 1.03 | 1.04 | 1.05 | 1.06 | 1.07 | 1.08 | 1.09 | 1.09.1 | 2.0 | 2.0.1 | 2.0.2 | 2.0.3 | 2.0.4 | 2.0.5 | 2.0.6 | 2.1 | 2.11 | 2.1.1.6 | 2.12 | 2.13 | 2.1.3.10 | 2.19 | 2.2 | 2.21 | 2.22 | 2.23 | 2.2.4 | 2.25 | 2.3 | 2.3.1 | 2.3.2 | 2.33 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.10 | 2.4 | 2.5 | 2.5.1 | 2.6 | 2.6.1 | 2.7 | 2.8 | 2.9 | 2.10 | 2.10.1 | 2.10.2 | 2.11.1 | 2.11.2 | 2.11.3 | 2.12.0