CVE-2009-4880

2010-05-2400:00:00

ubuntu.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

Multiple integer overflows in the strfmon implementation in the GNU C
Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent
attackers to cause a denial of service (memory consumption or application
crash) via a crafted format string, as demonstrated by a crafted first
argument to the money_format function in PHP, a related issue to
CVE-2008-1391.

OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarcheglibc< 2.10.1-0ubuntu17UNKNOWN
ubuntu10.04noarcheglibc< 2.11.1-0ubuntu7.1UNKNOWN
ubuntu6.06noarchglibc< 2.3.6-0ubuntu20.6UNKNOWN
ubuntu8.04noarchglibc< 2.7-10ubuntu6UNKNOWN
ubuntu9.04noarchglibc< 2.9-4ubuntu6.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	9.10	noarch	eglibc	< 2.10.1-0ubuntu17	UNKNOWN
ubuntu	10.04	noarch	eglibc	< 2.11.1-0ubuntu7.1	UNKNOWN
ubuntu	6.06	noarch	glibc	< 2.3.6-0ubuntu20.6	UNKNOWN
ubuntu	8.04	noarch	glibc	< 2.7-10ubuntu6	UNKNOWN
ubuntu	9.04	noarch	glibc	< 2.9-4ubuntu6.2	UNKNOWN