CVE-2010-4756
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
02/03/2011
Last modified:
03/11/2025
Description
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://cxib.net/stuff/glob-0day.c
- http://securityreason.com/achievement_securityalert/89
- http://securityreason.com/exploitalert/9223
- https://bugzilla.redhat.com/show_bug.cgi?id=681681
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
- http://cxib.net/stuff/glob-0day.c
- http://securityreason.com/achievement_securityalert/89
- http://securityreason.com/exploitalert/9223
- https://bugzilla.redhat.com/show_bug.cgi?id=681681
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
- https://security.netapp.com/advisory/ntap-20241108-0002/