CVE-2011-1071
GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption
Descriptions
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
Timeline
- 2011-02-24 CVE Reserved
- 2011-02-25 First Exploit
- 2011-04-08 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-399: Resource Management Errors
References (27)
URL | Tag | Source |
---|---|---|
http://openwall.com/lists/oss-security/2011/02/26/3 | Mailing List | |
http://openwall.com/lists/oss-security/2011/02/28/15 | Mailing List | |
http://securityreason.com/securityalert/8175 | Third Party Advisory | |
http://securitytracker.com/id?1025290 | Vdb Entry | |
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6 | X_refsource_confirm | |
http://www.securityfocus.com/archive/1/520102/100/0/threaded | Mailing List | |
http://www.vmware.com/security/advisories/VMSA-2011-0012.html | X_refsource_confirm | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/17120 | 2011-02-25 | |
http://bugs.debian.org/615120 | 2024-08-06 | |
http://code.google.com/p/chromium/issues/detail?id=48733 | 2024-08-06 | |
http://openwall.com/lists/oss-security/2011/02/28/11 | 2024-08-06 | |
http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html | 2024-08-06 | |
http://seclists.org/fulldisclosure/2011/Feb/635 | 2024-08-06 | |
http://sourceware.org/bugzilla/show_bug.cgi?id=11883 | 2024-08-06 | |
http://www.securityfocus.com/bid/46563 | 2024-08-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=681054 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://seclists.org/fulldisclosure/2011/Feb/644 | 2023-02-13 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/43492 | 2023-02-13 | |
http://secunia.com/advisories/43830 | 2023-02-13 | |
http://secunia.com/advisories/43989 | 2023-02-13 | |
http://secunia.com/advisories/46397 | 2023-02-13 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 | 2023-02-13 | |
http://www.redhat.com/support/errata/RHSA-2011-0412.html | 2023-02-13 | |
http://www.redhat.com/support/errata/RHSA-2011-0413.html | 2023-02-13 | |
http://www.vupen.com/english/advisories/2011/0863 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2011-1071 | 2012-02-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gnu | Eglibc | * | - | Affected |
Gnu | Glibc | <= 2.12.1 | - | Affected |
Gnu | Glibc | 1.00 | - | Affected |
Gnu | Glibc | 1.01 | - | Affected |
Gnu | Glibc | 1.02 | - | Affected |
Gnu | Glibc | 1.03 | - | Affected |
Gnu | Glibc | 1.04 | - | Affected |
Gnu | Glibc | 1.05 | - | Affected |
Gnu | Glibc | 1.06 | - | Affected |
Gnu | Glibc | 1.07 | - | Affected |
Gnu | Glibc | 1.08 | - | Affected |
Gnu | Glibc | 1.09 | - | Affected |
Gnu | Glibc | 1.09.1 | - | Affected |
Gnu | Glibc | 2.0 | - | Affected |
Gnu | Glibc | 2.0.1 | - | Affected |
Gnu | Glibc | 2.0.2 | - | Affected |
Gnu | Glibc | 2.0.3 | - | Affected |
Gnu | Glibc | 2.0.4 | - | Affected |
Gnu | Glibc | 2.0.5 | - | Affected |
Gnu | Glibc | 2.0.6 | - | Affected |
Gnu | Glibc | 2.1 | - | Affected |
Gnu | Glibc | 2.1.1 | - | Affected |
Gnu | Glibc | 2.1.1.6 | - | Affected |
Gnu | Glibc | 2.1.2 | - | Affected |
Gnu | Glibc | 2.1.3 | - | Affected |
Gnu | Glibc | 2.1.3.10 | - | Affected |
Gnu | Glibc | 2.1.9 | - | Affected |
Gnu | Glibc | 2.2 | - | Affected |
Gnu | Glibc | 2.2.1 | - | Affected |
Gnu | Glibc | 2.2.2 | - | Affected |
Gnu | Glibc | 2.2.3 | - | Affected |
Gnu | Glibc | 2.2.4 | - | Affected |
Gnu | Glibc | 2.2.5 | - | Affected |
Gnu | Glibc | 2.3 | - | Affected |
Gnu | Glibc | 2.3.1 | - | Affected |
Gnu | Glibc | 2.3.2 | - | Affected |
Gnu | Glibc | 2.3.3 | - | Affected |
Gnu | Glibc | 2.3.4 | - | Affected |
Gnu | Glibc | 2.3.5 | - | Affected |
Gnu | Glibc | 2.3.6 | - | Affected |
Gnu | Glibc | 2.3.10 | - | Affected |
Gnu | Glibc | 2.4 | - | Affected |
Gnu | Glibc | 2.5 | - | Affected |
Gnu | Glibc | 2.5.1 | - | Affected |
Gnu | Glibc | 2.6 | - | Affected |
Gnu | Glibc | 2.6.1 | - | Affected |
Gnu | Glibc | 2.7 | - | Affected |
Gnu | Glibc | 2.8 | - | Affected |
Gnu | Glibc | 2.9 | - | Affected |
Gnu | Glibc | 2.10 | - | Affected |
Gnu | Glibc | 2.10.1 | - | Affected |
Gnu | Glibc | 2.10.2 | - | Affected |
Gnu | Glibc | 2.11 | - | Affected |
Gnu | Glibc | 2.11.1 | - | Affected |
Gnu | Glibc | 2.11.2 | - | Affected |
Gnu | Glibc | 2.11.3 | - | Affected |
Gnu | Glibc | 2.12.0 | - | Affected |