CVE-2010-4052

Publication date 13 January 2011

Last updated 24 July 2024

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
eglibc	10.10 maverick	Ignored
	10.04 LTS lucid	Ignored
	9.10 karmic	Ignored
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
glibc	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

debatable wheither this is a security issue or not. application should impose limits and filtering. Ignoring.

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.kb.cert.org/vuls/id/912279
http://seclists.org/fulldisclosure/2011/Jan/78
https://www.cve.org/CVERecord?id=CVE-2010-4052