cve/CVE-2010-4052.md at master

0xMarcio/cve

Fork 0

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.1 KiB

Raw Permalink Blame History

CVE-2010-4052

Description

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

POC

Reference

http://seclists.org/fulldisclosure/2011/Jan/78
http://securityreason.com/achievement_securityalert/93
http://securityreason.com/securityalert/8003
http://www.exploit-db.com/exploits/15935

Github

https://github.com/cyr3con-ai/cyRating-check-k8s-webhook
https://github.com/flyrev/security-scan-ci-presentation
https://github.com/garethr/snykout

1.1 KiB Raw Permalink Blame History

CVE-2010-4052

Description

POC

Reference

Github

1.1 KiB

Raw Permalink Blame History