CVE-2011-5320: Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc

Severity: 6.2 MEDIUM (NVD)
EPSS: 0.1% (top 81.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 18
Latest update: May 17

Description

scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.5 | Impact: 3.6

Affected Packages (2 packages)

Debian: gnu/glibc < 2.15+3
NVD: gnu/glibc 2.14.1

🔴 Vulnerability Details (3)

GHSA: GHSA-m3xm-963r-gm9q: scanf and related functions in glibc before 2 (2022-05-17)
CVEList: CVE-2011-5320: scanf and related functions in glibc before 2 (2017-10-18)
OSV: CVE-2011-5320: scanf and related functions in glibc before 2 (2017-10-18)

📋 Vendor Advisories (2)

Red Hat: glibc: scanf implementation crashes on certain inputs (2011-01-22)
Debian: CVE-2011-5320: glibc - scanf and related functions in glibc before 2.15 allow local users to cause a de... (2011)

💬 Community (1)

Bugzilla: CVE-2011-5320 glibc: scanf implementation crashes on certain inputs (2015-02-26)