Metric | Value |
---|---|
CVSS2 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
AI Score | 8.5 High (Confidence: High) |
EPSS | 0.094 Low (Percentile: 94.7%) |

Maksymilian Arciemowicz discovered that the GNU C library did not
correctly handle integer overflows in the strfmon function. If a user
or automated system were tricked into processing a specially crafted
format string, a remote attacker could crash applications, leading to
a denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)

Jeff Layton and Dan Rosenberg discovered that the GNU C library did not
correctly handle newlines in the mntent family of functions. If a local
attacker were able to inject newlines into a mount entry through other
vulnerable mount helpers, they could disrupt the system or possibly gain
root privileges. (CVE-2010-0296)

Dan Rosenberg discovered that the GNU C library did not correctly validate
certain ELF program headers. If a user or automated system were tricked
into verifying a specially crafted ELF program, a remote attacker could
execute arbitrary code with user privileges. (CVE-2010-0830)
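
A caller-side check for the mntent issue (CVE-2010-0296) described above, as an added example rather than code from glibc or from this advisory: a mount helper rejects any field containing a line break before handing the entry to addmntent(). The names mnt_field_is_safe, checked_addmntent, count_entries and demo are hypothetical, and the sample entries are constructed.

```c
#include <mntent.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a glibc API): a field is unsafe if it is missing,
 * empty, or contains a line break that would split the record in two. */
static int mnt_field_is_safe(const char *s)
{
    return s != NULL && *s != '\0' && strpbrk(s, "\n\r") == NULL;
}

/* Hypothetical wrapper: validate every string field, then call addmntent().
 * Returns 0 on success, -1 if a field was rejected, 1 if the write failed. */
int checked_addmntent(FILE *tab, const struct mntent *m)
{
    if (!mnt_field_is_safe(m->mnt_fsname) || !mnt_field_is_safe(m->mnt_dir) ||
        !mnt_field_is_safe(m->mnt_type)   || !mnt_field_is_safe(m->mnt_opts))
        return -1;
    return addmntent(tab, m);
}

/* Count the records getmntent() parses back from the table. */
int count_entries(FILE *tab)
{
    int n = 0;
    rewind(tab);
    while (getmntent(tab) != NULL)
        n++;
    return n;
}

/* Constructed demo on a temporary file: one clean entry is written, one entry
 * whose directory field carries an embedded newline is refused.
 * Returns the number of records that ended up in the table. */
int demo(void)
{
    FILE *tab = tmpfile();
    if (tab == NULL)
        return -2;
    struct mntent ok  = { "/dev/sdb1", "/media/usb", "vfat", "rw,nosuid", 0, 0 };
    struct mntent bad = { "/dev/sdb2", "/media/x\nconstructed second line",
                          "vfat", "rw", 0, 0 };
    int r1 = checked_addmntent(tab, &ok);
    int r2 = checked_addmntent(tab, &bad);
    int n = (r1 == 0 && r2 == -1) ? count_entries(tab) : -3;
    fclose(tab);
    return n;
}
```
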
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | libc6 | < 2.10.1-0ubuntu17 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc-bin | < 2.10.1-0ubuntu17 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc-dev-bin | < 2.10.1-0ubuntu17 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-dbg | < 2.10.1-0ubuntu17 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-dev | < 2.10.1-0ubuntu17 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-dev-i386 | < 2.10.1-0ubuntu17 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-i386 | < 2.10.1-0ubuntu17 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-pic | < 2.10.1-0ubuntu17 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-prof | < 2.10.1-0ubuntu17 | UNKNOWN |
Ubuntu | 9.10 | noarch | libc6-udeb | < 2.10.1-0ubuntu17 | UNKNOWN |