CVE-2009-4880

Published: Jun 1, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.

Affected (37)

Products: Gnu: Glibc

1 product

Configuration A

37 vulnerable

Vulnerable Software	Affected Versions
Gnu Glibc	Up to 2.10.1
Gnu Glibc	Version 2.0.1
Gnu Glibc	Version 2.0.2
Gnu Glibc	Version 2.0.3
Gnu Glibc	Version 2.0.4
Gnu Glibc	Version 2.0.5
Gnu Glibc	Version 2.0.6
Gnu Glibc	Version 2.0
Gnu Glibc	Version 2.1.1.6
Gnu Glibc	Version 2.1.1
Gnu Glibc	Version 2.1.2
Gnu Glibc	Version 2.1.3
Gnu Glibc	Version 2.1.9
Gnu Glibc	Version 2.10
Gnu Glibc	Version 2.1
Gnu Glibc	Version 2.2.1
Gnu Glibc	Version 2.2.2
Gnu Glibc	Version 2.2.3
Gnu Glibc	Version 2.2.4
Gnu Glibc	Version 2.2.5
Gnu Glibc	Version 2.2
Gnu Glibc	Version 2.3.10
Gnu Glibc	Version 2.3.1
Gnu Glibc	Version 2.3.2
Gnu Glibc	Version 2.3.3
Gnu Glibc	Version 2.3.4
Gnu Glibc	Version 2.3.5
Gnu Glibc	Version 2.3.6
Gnu Glibc	Version 2.3
Gnu Glibc	Version 2.4
Gnu Glibc	Version 2.5.1
Gnu Glibc	Version 2.5
Gnu Glibc	Version 2.6.1
Gnu Glibc	Version 2.6
Gnu Glibc	Version 2.7
Gnu Glibc	Version 2.8
Gnu Glibc	Version 2.9

Related CWEs

References (26)

http://secunia.com/advisories/39900

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201011-01.xml

Source: cve@mitre.org

http://securityreason.com/achievement_securityalert/67

Source: cve@mitre.org

Exploit

http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600

Source: cve@mitre.org

Exploit

http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=199eb0de8d673fb23aa127721054b4f1803d61f3

Source: cve@mitre.org

http://www.debian.org/security/2010/dsa-2058

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

Source: cve@mitre.org

http://www.securityfocus.com/bid/36443

Source: cve@mitre.org

ExploitPatch

http://www.ubuntu.com/usn/USN-944-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/1246

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=524671

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/59242

Source: cve@mitre.org

http://secunia.com/advisories/39900

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201011-01.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/achievement_securityalert/67

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=199eb0de8d673fb23aa127721054b4f1803d61f3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2010/dsa-2058

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:112

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/36443

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.ubuntu.com/usn/USN-944-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1246

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=524671

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/59242

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.