CVE-2010-4051

Publication date 13 January 2011

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

Read the notes from the security team

Status

Package Ubuntu Release Status
eglibc 10.10 maverick Ignored
10.04 LTS lucid Ignored
9.10 karmic Ignored
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release
glibc 10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
8.04 LTS hardy Ignored
6.06 LTS dapper Ignored

Notes

mdeslaur

debatable wheither this is a security issue or not. application should impose limits and filtering. Ignoring.