Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1071 — Glibc vulnerability

CWE-39910 documents9 sources

Severity

5.1MEDIUMNVD

CNA5.0OSV5.0

EPSS

5.2%

top 10.02%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

GNU Glibc

Timeline

PublishedApr 8

Latest updateMay 14

Description

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶Debiangnu/glibc< 2.11.2-12+3

▶NVDgnu/glibc2.12.1+55

Patches

Patch: seclists.org ↗Patch: bugzilla.redhat.com ↗Patch: seclists.org ↗

🔴Vulnerability Details

GHSA

GHSA-w4p3-xg4g-ff4x: The GNU C Library (aka glibc or libc6) before 2↗2022-05-14

▶

OSV

CVE-2011-1071: The GNU C Library (aka glibc or libc6) before 2↗2011-04-08

▶

CVEList

CVE-2011-1071: The GNU C Library (aka glibc or libc6) before 2↗2011-04-08

▶

💥Exploits & PoCs

Exploit-DB

GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption↗2011-02-25

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2012-03-09

▶

Debian

CVE-2011-1071: glibc - The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC)...↗2011

▶

Red Hat

glibc: fnmatch() alloca()-based memory corruption flaw↗2010-08-05

▶

Red Hat

glibc: fnmatch() alloca()-based memory corruption flaw↗2010-08-05

▶

💬Community

Bugzilla

CVE-2011-1071 CVE-2011-1659 glibc: fnmatch() alloca()-based memory corruption flaw↗2011-02-28

▶