CVE-2009-4880
published 2010-06-01CVE-2009-4880: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to…
medium5CVSS 3.1
AVNACLAuNCNINAP
EXPLOIT
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.
Affected
42 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.11.1-1 (bookworm) | glibc 2.11.1-1 (bookworm) |
| gnu | glibc | <= 2.10.1 | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH