CVE-2009-4881: Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1…

medium5CVSS 3.1

AVNACLAuNCNINAP

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.

Affected

51 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	glibc	< glibc 2.11.1-1 (bookworm)	glibc 2.11.1-1 (bookworm)
gnu	glibc	<= 2.9	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—

CVSS provenance

nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

osv7.5HIGH