CVE-2010-4051
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference: www.exploit-db.com/exploits/15935 (unverified)
exploitdb: www.exploit-db.com/exploits/15935 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://cxib.net/stuff/proftpd.gnu.c
https://bugzilla.redhat.com/show_bug.cgi?id=645859
http://seclists.org/fulldisclosure/2011/Jan/78
http://secunia.com/advisories/42547
http://securityreason.com/achievement_securityalert/93
http://securityreason.com/securityalert/8003
http://securitytracker.com/id?1024832
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E
http://www.exploit-db.com/exploits/15935
http://www.kb.cert.org/vuls/id/912279
http://www.securityfocus.com/archive/1/515589/100/0/threaded
http://www.securityfocus.com/bid/45233