CVE-2010-4052

GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service

  • Severity Score: 5.0 (CVSS v2)
  • Public Exploits: 8 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp().

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2010-10-22 CVE Reserved
  • 2010-12-07 First Exploit
  • 2011-01-07 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor  Product  Version   Other  Status
Gnu     Glibc    1.00      -      Affected
Gnu     Glibc    1.01      -      Affected
Gnu     Glibc    1.02      -      Affected
Gnu     Glibc    1.03      -      Affected
Gnu     Glibc    1.04      -      Affected
Gnu     Glibc    1.05      -      Affected
Gnu     Glibc    1.06      -      Affected
Gnu     Glibc    1.07      -      Affected
Gnu     Glibc    1.08      -      Affected
Gnu     Glibc    1.09      -      Affected
Gnu     Glibc    1.09.1    -      Affected
Gnu     Glibc    2.1       -      Affected
Gnu     Glibc    2.1.1     -      Affected
Gnu     Glibc    2.1.1.6   -      Affected
Gnu     Glibc    2.1.2     -      Affected
Gnu     Glibc    2.1.3     -      Affected
Gnu     Glibc    2.1.3.10  -      Affected
Gnu     Glibc    2.1.9     -      Affected
Gnu     Glibc    2.10      -      Affected
Gnu     Glibc    2.10.1    -      Affected
Gnu     Glibc    2.10.2    -      Affected
Gnu     Glibc    2.11      -      Affected
Gnu     Glibc    2.11.1    -      Affected
Gnu     Glibc    2.11.2    -      Affected
Gnu     Glibc    2.11.3    -      Affected
Gnu     Glibc    2.12.0    -      Affected
Gnu     Glibc    2.12.1    -      Affected
Gnu     Glibc    2.12.2    -      Affected