CVE-2010-4754 — Apple MAC OS X vulnerability

3 documents3 sources

Severity

4.0MEDIUMNVD

CNA7.8

EPSS

1.8%

top 17.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Freebsd Netbsd +1 more

Timeline

PublishedMar 2

Latest updateMay 17

Description

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDapple/mac_os_x10.6.7

▶NVDopenbsd/openbsd4.7

Also affects: Netbsd 5.0.2, Freebsd 7.3, 8.1

Patches

Patch: cvsweb.netbsd.org ↗Patch: cvsweb.netbsd.org ↗Patch: cvsweb.netbsd.org ↗

🔴Vulnerability Details

GHSA

GHSA-4f9r-wjj2-h7rm: The glob implementation in libc in FreeBSD 7↗2022-05-17

▶

CVEList

CVE-2010-4754: The glob implementation in libc in FreeBSD 7↗2011-03-02

▶