CVE-2009-5029: Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly…

medium6.8CVSS 3.1

AVNACMAuNCPIPAP

EXPLOIT

Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.

Affected

23 ranges

Vendor	Product	Version range	Fixed in
debian	glibc	< glibc 2.13-24 (bookworm)	glibc 2.13-24 (bookworm)
gnu	glibc	<= 2.14	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	>= 0 < 2.13-24	2.13-24
gnu	glibc	>= 0 < 2.13-24	2.13-24
gnu	glibc	>= 0 < 2.13-24	2.13-24
gnu	glibc	>= 0 < 2.13-24	2.13-24
vmware	vcenter_server	—	—
vmware	vmware_esxi	—	—
vmware	vsphere	—	—

CVSS provenance

nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P

osv6.8MEDIUM