CVE-2009-4881

Publication date 1 June 2010

Last updated 24 July 2024

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
eglibc	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
glibc	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Ignored end of life
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
glibc	Upstream: http://sourceware.org/git/?p=glibc.git;a=commit;h=153aa31b93be22e01b236375fb02a9f9b9a0195f

References

Other references

https://www.cve.org/CVERecord?id=CVE-2009-4881