CVE-2010-4052

Priority
Description
Stack consumption vulnerability in the regcomp implementation in the GNU C
Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2,
allows context-dependent attackers to cause a denial of service (resource
exhaustion) via a regular expression containing adjacent repetition
operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the
proftpd.gnu.c exploit for ProFTPD.
Notes
 mdeslaur> debatable whether this is a security issue or not.
 mdeslaur> application should impose limits and filtering. Ignoring.
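
A pre-filter of the kind the note above asks applications to impose, shown as an added example that is not code from glibc, ProFTPD or the Ubuntu tracker. It caps pattern length and rejects adjacent repetition operators in a POSIX extended regular expression before regcomp is called. The names `pattern_is_acceptable`, `checked_regcomp` and `MAX_PATTERN_LEN` and the limit of 256 are assumptions made for illustration.

```c
#include <regex.h>
#include <string.h>

#define MAX_PATTERN_LEN 256   /* assumed limit; tune per application */

/* Skip a bracket expression starting at p ('['). Returns a pointer past the
 * closing ']' or NULL if the expression is unterminated. */
static const char *skip_bracket(const char *p)
{
    p++;                                  /* past '[' */
    if (*p == '^') p++;
    if (*p == ']') p++;                   /* a leading ']' is a literal */
    while (*p && *p != ']') {
        if (p[0] == '[' && (p[1] == ':' || p[1] == '.' || p[1] == '=')) {
            char close[3] = { p[1], ']', '\0' };   /* e.g. ":]" */
            const char *end = strstr(p + 2, close);
            if (!end) return NULL;
            p = end + 2;
        } else {
            p++;
        }
    }
    return *p ? p + 1 : NULL;
}

/* Returns 1 if the ERE pattern passes the filter, 0 if it is rejected.
 * Only length and adjacent repetition operators are checked. */
int pattern_is_acceptable(const char *pat)
{
    int prev_was_rep = 0;
    if (strlen(pat) > MAX_PATTERN_LEN) return 0;
    for (const char *p = pat; *p; ) {
        if (*p == '\\') {                 /* escaped char is an ordinary atom */
            if (!p[1]) return 0;
            p += 2; prev_was_rep = 0;
        } else if (*p == '[') {
            if (!(p = skip_bracket(p))) return 0;
            prev_was_rep = 0;
        } else if (*p == '*' || *p == '+' || *p == '?' || *p == '{') {
            if (prev_was_rep) return 0;   /* adjacent repetition operators */
            if (*p == '{' && !(p = strchr(p, '}'))) return 0;
            p++; prev_was_rep = 1;
        } else {
            p++; prev_was_rep = 0;
        }
    }
    return 1;
}

/* regcomp wrapper: untrusted patterns never reach regcomp unfiltered. */
int checked_regcomp(regex_t *re, const char *pat, int cflags)
{
    if (!pattern_is_acceptable(pat)) return REG_BADRPT;
    return regcomp(re, pat, cflags | REG_EXTENDED);
}
```

The filter is deliberately conservative: it also rejects forms such as `a**` that regcomp would accept, and it does not bound the numeric values inside an interval.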
Package
Upstream:needs-triage
Package
Source: glibc (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2019-03-26 12:28:04 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)