CVE-2010-4756

Publication date 2 March 2011

Last updated 24 July 2024

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
eglibc	10.10 maverick	Ignored
	10.04 LTS lucid	Ignored
	9.10 karmic	Ignored
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
glibc	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

no plans to fix this in glibc. Applications should filter input. Ignoring.

References

MITRE
NVD
Launchpad
Debian

Other references

http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
https://www.cve.org/CVERecord?id=CVE-2010-4756