Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4880: Integer Overflow or Wraparound in Glibc

Severity
NVD: 5.0 (MEDIUM)
CNA: 7.5
OSV: 7.5

EPSS: 13.0% (top 5.91%)

CISA KEV: Not in KEV

Exploit: PoC available (public exploit / PoC exists)

Affected products

Timeline
Published: Jun 1
Latest update: May 2

Description

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P (Exploitability: 10.0 | Impact: 2.9)

Affected Packages (2 packages)

Debian: gnu/glibc < 2.11.1-1 (+3)
NVD: gnu/glibc 2.10.1 (+36)

Patches

Vulnerability Details (3)

GHSA: GHSA-362p-9mx3-r47m: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2 (2022-05-02)
CVEList: CVE-2009-4880: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2 (2010-06-01)
OSV: CVE-2009-4880: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2 (2010-06-01)

Exploits & PoCs (1)

Exploit-DB: GNU glibc 2.x - 'strfmon()' Integer Overflow (2009-09-17)

Vendor Advisories (2)

Red Hat: (32-bit): Multiple integer overflows in the printf implementation (2009-09-03)
Debian: CVE-2009-4880: glibc - Multiple integer overflows in the strfmon implementation in the GNU C Library (a... (2009)

Community (1)

Bugzilla: CVE-2009-4880 glibc (32-bit): Multiple integer overflows in the printf implementation (2010-06-02)
CVE-2009-4880 — Integer Overflow or Wraparound in Glibc | cvebase