CVE-2009-5029

Priority
Description
Integer overflow in the __tzfile_read function in glibc before 2.15 allows
context-dependent attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted timezone (TZ) file, as
demonstrated using vsftpd.
Notes
 mdeslaur> see upstream bug for possible typo in commit
 sbeattie> lucid also needs stdint.h included to get SIZE_MAX
 jdstrand> patch in patches/any/cvs-tzfile.diff on precise
Assigned-to
sbeattie

Updated: 2019-03-19 11:51:54 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)