Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4052Uncontrolled Resource Consumption in Glibc

CWE-3999 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
10.0%
top 6.96%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Glibc
Timeline
PublishedJan 13
Latest updateMay 14

Description

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiangnu/glibc< 2.19-4+3
NVDgnu/glibc28 versions+27

Patches

Patch: cxib.netPatch: cxib.net

🔴Vulnerability Details

3
GHSA
GHSA-xq2p-cgwj-87m3: Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 22022-05-14
CVEList
CVE-2010-4052: Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 22011-01-13
OSV
CVE-2010-4052: Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 22011-01-13

💥Exploits & PoCs

2
Exploit-DB
GNU libc/regcomp(3) - Multiple Vulnerabilities2011-01-07
Exploit-DB
GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service2010-12-07

📋Vendor Advisories

2
Red Hat
glibc: De-recursivise regular expression engine2010-12-07
Debian
CVE-2010-4052: glibc - Stack consumption vulnerability in the regcomp implementation in the GNU C Libra...2010

💬Community

1
Bugzilla
CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine2010-10-22
CVE-2010-4052 — Uncontrolled Resource Consumption | cvebase