QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2011-1071

Back to search

CVE-2011-1071

Published: Apr 8, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

VendorProductVersions

n/a

n/a

affected
n/a

References

46563
vdb-entry
x_refsource_BID
8175
third-party-advisory
x_refsource_SREASON
46397
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0412
vendor-advisory
x_refsource_REDHAT
ADV-2011-0863
vdb-entry
x_refsource_VUPEN
43989
third-party-advisory
x_refsource_SECUNIA
1025290
vdb-entry
x_refsource_SECTRACK
43492
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:12853
vdb-entry
signature
x_refsource_OVAL
20110224 glibc and alloca()
mailing-list
x_refsource_FULLDISC
20110226 Re: glibc and alloca()
mailing-list
x_refsource_FULLDISC
MDVSA-2011:178
vendor-advisory
x_refsource_MANDRIVA
43830
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0413
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now