The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Resource Management Errors
-
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/glibc | deb | debian | 12 | >=2.36-9+deb12u4 | Not yet available |
debian/glibc | deb | debian | 13 | >=2.38-11 | Not yet available |
debian/glibc | deb | debian | unstable | >=2.38-11 | Not yet available |
debian/glibc | deb | debian | 11 | >=2.31-13+deb11u8 | Not yet available |
debian/glibc | deb | debian | 10 | >=2.28-10+deb10u1 | Not yet available |
Severity and metrics
No CVSS data available from this source.
8
-
10.0
-
CVE-2010-4756
-
CVE-2010-4756
-
-
-