Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-5029Integer Overflow or Wraparound in Glibc

CWE-189CWE-190Integer Overflow or Wraparound10 documents9 sources
Severity
6.8MEDIUMNVD
EPSS
2.8%
top 13.95%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Glibc
Timeline
PublishedMay 2
Latest updateMay 2

Description

Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debiangnu/glibc< 2.13-24+3
NVDgnu/glibc2.14+14

🔴Vulnerability Details

3
GHSA
GHSA-m45f-chfc-x7hh: Integer overflow in the __tzfile_read function in glibc before 22022-05-02
CVEList
CVE-2009-5029: Integer overflow in the __tzfile_read function in glibc before 22013-05-02
OSV
CVE-2009-5029: Integer overflow in the __tzfile_read function in glibc before 22013-05-02

💥Exploits & PoCs

1
Exploit-DB
GNU glibc - Timezone Parsing Remote Integer Overflow2009-06-01

📋Vendor Advisories

3
Ubuntu
GNU C Library vulnerabilities2012-03-09
Red Hat
glibc: __tzfile_read integer overflow to buffer overflow2009-06-01
Debian
CVE-2009-5029: glibc - Integer overflow in the __tzfile_read function in glibc before 2.15 allows conte...2009

💬Community

2
Bugzilla
CVE-2009-5029 glibc: __tzfile_read integer overflow to buffer overflow [fedora-all]2011-12-14
Bugzilla
CVE-2009-5029 glibc: __tzfile_read integer overflow to buffer overflow2011-12-07
CVE-2009-5029 — Integer Overflow or Wraparound in Glibc | cvebase