CVE-2011-1659 — Glibc vulnerability

8 documents8 sources

Severity

5.0MEDIUMNVD

CNA5.1OSV5.1

EPSS

2.5%

top 14.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc

Timeline

PublishedApr 8

Latest updateMay 14

Description

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiangnu/glibc< 2.13-8+3

▶NVDgnu/glibc2.13+57

Patches

Patch: sourceware.org ↗Patch: bugzilla.redhat.com ↗Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-q5rg-jqvh-mj2q: Integer overflow in posix/fnmatch↗2022-05-14

▶

CVEList

CVE-2011-1659: Integer overflow in posix/fnmatch↗2011-04-08

▶

OSV

CVE-2011-1659: Integer overflow in posix/fnmatch↗2011-04-08

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2012-03-09

▶

Debian

CVE-2011-1659: glibc - Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2....↗2011

▶

Red Hat

glibc: fnmatch() alloca()-based memory corruption flaw↗2010-08-05

▶

💬Community

Bugzilla

CVE-2011-1071 CVE-2011-1659 glibc: fnmatch() alloca()-based memory corruption flaw↗2011-02-28

▶