Executive Summary

Summary
Title GNU libc regcomp() stack exhaustion denial of service
Informations
Name VU#912279 First vendor Publication 2010-12-07
Vendor VU-CERT Last vendor Modification 2010-12-08
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#912279

GNU libc regcomp() stack exhaustion denial of service

Overview

The regcomp() function of GNU libc is susceptible to stack exhaustion which may result in a denial of service.

I. Description

It is possible to trigger deep recursion which results in stack exhaustion. An example trigger is: grep -E ".*{10,}{10,}{10,}{10,}{10,}"

II. Impact

An attacker may be able to trigger a denial of service in applications that accept regular expressions.

III. Solution

We are currently unaware of a practical solution to this problem.

Vendor Information

VendorStatusDate NotifiedDate Updated
Debian GNU/LinuxAffected2010-10-222010-12-07
Gentoo LinuxAffected2010-10-222010-12-07
Red Hat, Inc.Affected2010-10-222010-12-07
Slackware Linux Inc.Affected2010-10-222010-12-07
UbuntuAffected2010-10-222010-12-07

References

Credit

Thanks to Maksymilian Arciemowicz for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public:2010-12-07
Date First Published:2010-12-07
Date Last Updated:2010-12-08
CERT Advisory: 
CVE-ID(s):CVE-2010-4051CVE-2010-4052
NVD-ID(s):CVE-2010-4051CVE-2010-4052
US-CERT Technical Alerts: 
Severity Metric:0.18
Document Revision:13

Original Source

Url : http://www.kb.cert.org/vuls/id/912279

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 28

ExploitDB Exploits

id Description
2010-12-07 GNU glibc 'regcomp()' Stack Exhaustion Denial Of Service Vulnerability
2013-02-05 FreeBSD 9.1 ftpd Remote Denial of Service
2011-01-07 GNU libc/regcomp(3) Multiple Vulnerabilities

Open Source Vulnerability Database (OSVDB)

Id Description
70447 GNU C Library regcomp() Function Regex Adjacent Repetition Operator DoS

GNU C Library contains a flaw that may allow a remote denial of service. The issue is triggered when errors in the 'regcomp()' function when processing certain regular expressions, allowing a remote attacker to cause a denial of service by using this function on specially crafted regular expressions.
70446 GNU C Library regcomp() Function Regex Bounded Repetition RE_DUP_MAX Limitati...

GNU C Library contains a flaw that may allow a remote denial of service. The issue is triggered when errors in the 'regcomp()' function when processing certain regular expressions, allowing a remote attacker to cause a denial of service by using this function on specially crafted regular expressions.

Nessus® Vulnerability Scanner

Date Description
2014-01-16 Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10612.nasl - Type : ACT_GATHER_INFO
2011-04-18 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5098.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-10-27 09:22:38
  • Multiple Updates