CVE-2009-4880
PUBLISHED
CVSS 5 MEDIUM
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.
EPSS 12.96% · 94.2th percentile
Risk Scores
- CVSS 2.0: 5
- EPSS Score: 12.96% (94.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| gnu | glibc | 2.0.4, 0, 2.0.1 |
| n/a | n/a | * |
Exploit Intelligence
- http://securityreason.com/achievement_securityalert/67 (nist-nvd)
- http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600 (nist-nvd)
- http://www.securityfocus.com/bid/36443 (nist-nvd)
- CIRCL confirmed: CVE-2009-4880 (circl-sighting)
- USN-944-1 (circl)
- ADV-2010-1246 (circl)
- GLSA-201011-01 (circl)
- 39900 (circl)
- http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3 (circl)
- gnuclibrary-strfmon-overflow(59242) (circl)
Timeline
- Sep 17, 2009 PoC Published
- Jun 1, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- MDVSA-2010:111 vendor-advisory
- GLSA-201011-01 vendor-advisory
- ADV-2010-1246 vdb
- USN-944-1 vendor-advisory
- 36443 vdb
- http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600 url
- 20090917 glibc x<=2.10.1 stdio/strfmon.c Multiple Vulnerabilities third-party-advisory
- 39900 third-party-advisory
- gnuclibrary-strfmon-overflow(59242) vdb
- MDVSA-2010:112 vendor-advisory
- DSA-2058 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=524671 url
- https://nvd.nist.gov/vuln/detail/CVE-2009-4880 advisory
- http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3 url