Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4051: Glibc vulnerability

8 documents, 8 sources
Severity
5.0 MEDIUM (NVD)
EPSS
4.7%
top 10.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jan 13
Latest update: May 13

Description

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Debian: gnu/glibc < 2.19-4+3
NVD: gnu/glibc, 28 versions +27

Patches

🔴Vulnerability Details

3
GHSA
GHSA-6429-fc4p-f7q7: The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2 (2022-05-13)
CVEList
CVE-2010-4051: The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2 (2011-01-13)
OSV
CVE-2010-4051: The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2 (2011-01-13)

💥Exploits & PoCs

1
Exploit-DB
GNU libc/regcomp(3) - Multiple Vulnerabilities (2011-01-07)

📋Vendor Advisories

2
Red Hat
glibc: De-recursivise regular expression engine (2010-12-07)
Debian
CVE-2010-4051: glibc - The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.1... (2010)

💬Community

1
Bugzilla
CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine (2010-10-22)