Candidate: CVE-2009-4880
PublicDate: 2010-06-01 20:30:00 UTC
PublicDateAtUSN: 2010-05-24
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4880
 https://ubuntu.com/security/notices/USN-944-1
Description:
 Multiple integer overflows in the strfmon implementation in the GNU C
 Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent
 attackers to cause a denial of service (memory consumption or application
 crash) via a crafted format string, as demonstrated by a crafted first
 argument to the money_format function in PHP, a related issue to
 CVE-2008-1391.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_eglibc:
upstream_eglibc: released (2.12)
dapper_eglibc: DNE
hardy_eglibc: DNE
jaunty_eglibc: DNE
karmic_eglibc: released (2.10.1-0ubuntu17)
lucid_eglibc: released (2.11.1-0ubuntu7.1)
devel_eglibc: not-affected (2.12-0ubuntu2)

Patches_glibc:
upstream_glibc: needs-triage
dapper_glibc: released (2.3.6-0ubuntu20.6)
hardy_glibc: released (2.7-10ubuntu6)
jaunty_glibc: released (2.9-4ubuntu6.2)
karmic_glibc: DNE
lucid_glibc: DNE
devel_glibc: DNE