Vulnerability-Lookup

CVE-2011-1659 (GCVE-0-2011-1659)

Vulnerability from cvelistv5 – Published: 2011-04-08 15:00 – Updated: 2024-08-06 22:37

Summary

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=681054	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/520102/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/46397	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/44353	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1025450	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://scarybeastsecurity.blogspot.com/2011/02/i-…	x_refsource_MISC
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://code.google.com/p/chromium/issues/detail?i…	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://sourceware.org/bugzilla/show_bug.cgi?id=12583	x_refsource_CONFIRM
	http://sourceware.org/git/?p=glibc.git%3Ba=commit…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:37:24.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
          },
          {
            "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
          },
          {
            "name": "46397",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46397"
          },
          {
            "name": "44353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44353"
          },
          {
            "name": "1025450",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025450"
          },
          {
            "name": "gnuclibrary-fnmatch-dos(66819)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66819"
          },
          {
            "name": "MDVSA-2011:178",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code.google.com/p/chromium/issues/detail?id=48733"
          },
          {
            "name": "MDVSA-2011:179",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8126d90480fa3e0c5c5cd0d02cb1c93174b45485"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
        },
        {
          "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
        },
        {
          "name": "46397",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46397"
        },
        {
          "name": "44353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44353"
        },
        {
          "name": "1025450",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025450"
        },
        {
          "name": "gnuclibrary-fnmatch-dos(66819)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66819"
        },
        {
          "name": "MDVSA-2011:178",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code.google.com/p/chromium/issues/detail?id=48733"
        },
        {
          "name": "MDVSA-2011:179",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8126d90480fa3e0c5c5cd0d02cb1c93174b45485"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1659",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=681054",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "46397",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "name": "44353",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44353"
            },
            {
              "name": "1025450",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025450"
            },
            {
              "name": "gnuclibrary-fnmatch-dos(66819)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66819"
            },
            {
              "name": "MDVSA-2011:178",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
            },
            {
              "name": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html",
              "refsource": "MISC",
              "url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "name": "http://code.google.com/p/chromium/issues/detail?id=48733",
              "refsource": "MISC",
              "url": "http://code.google.com/p/chromium/issues/detail?id=48733"
            },
            {
              "name": "MDVSA-2011:179",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
            },
            {
              "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583",
              "refsource": "CONFIRM",
              "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583"
            },
            {
              "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485",
              "refsource": "CONFIRM",
              "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1659",
    "datePublished": "2011-04-08T15:00:00.000Z",
    "dateReserved": "2011-04-08T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:37:24.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2011-AVI-571

Vulnerability from certfr_avis - Published: 2011-10-18 - Updated: 2011-10-18

De nombreuses vulnérabilités présentes dans des bibliothèques tierces parties utilisées par VMWare ESX et VMWare ESXi ont été corrigées.

Description

VMWare a corrigé un nombre conséquent de vulnérabilités dans des bibliothèques tierces utilisées par VMWare ESX et VMWare ESXi.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	ESXi	VMWare ESXi 4.0.
	VMware	ESXi	VMWare ESX 4.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMWare WMSA-2011-0012 du 12 octobre 2011	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2011-0012 du 12 octobre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMWare ESXi 4.0.",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX 4.0 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nVMWare a corrig\u00e9 un nombre cons\u00e9quent de vuln\u00e9rabilit\u00e9s dans des\nbiblioth\u00e8ques tierces utilis\u00e9es par VMWare ESX et VMWare ESXi.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1083"
    },
    {
      "name": "CVE-2011-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1010"
    },
    {
      "name": "CVE-2010-4346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4346"
    },
    {
      "name": "CVE-2010-3477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3477"
    },
    {
      "name": "CVE-2010-4263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4263"
    },
    {
      "name": "CVE-2010-3859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3859"
    },
    {
      "name": "CVE-2011-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1494"
    },
    {
      "name": "CVE-2010-4255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4255"
    },
    {
      "name": "CVE-2010-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2938"
    },
    {
      "name": "CVE-2010-4072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4072"
    },
    {
      "name": "CVE-2010-4655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4655"
    },
    {
      "name": "CVE-2010-3865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3865"
    },
    {
      "name": "CVE-2010-4343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4343"
    },
    {
      "name": "CVE-2010-3877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3877"
    },
    {
      "name": "CVE-2011-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1659"
    },
    {
      "name": "CVE-2010-4526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4526"
    },
    {
      "name": "CVE-2010-0296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
    },
    {
      "name": "CVE-2010-4249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4249"
    },
    {
      "name": "CVE-2010-4251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
    },
    {
      "name": "CVE-2010-3086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3086"
    },
    {
      "name": "CVE-2011-0282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0282"
    },
    {
      "name": "CVE-2011-1090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1090"
    },
    {
      "name": "CVE-2010-3442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3442"
    },
    {
      "name": "CVE-2010-4161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4161"
    },
    {
      "name": "CVE-2010-3015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3015"
    },
    {
      "name": "CVE-2011-1478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1478"
    },
    {
      "name": "CVE-2010-4157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4157"
    },
    {
      "name": "CVE-2011-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0536"
    },
    {
      "name": "CVE-2010-3699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3699"
    },
    {
      "name": "CVE-2010-3066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3066"
    },
    {
      "name": "CVE-2010-3067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3067"
    },
    {
      "name": "CVE-2010-4248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4248"
    },
    {
      "name": "CVE-2010-2942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2942"
    },
    {
      "name": "CVE-2010-4243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4243"
    },
    {
      "name": "CVE-2011-1658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1658"
    },
    {
      "name": "CVE-2010-3880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3880"
    },
    {
      "name": "CVE-2010-3858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3858"
    },
    {
      "name": "CVE-2010-3904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3904"
    },
    {
      "name": "CVE-2010-4247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4247"
    },
    {
      "name": "CVE-2010-3296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3296"
    },
    {
      "name": "CVE-2010-3078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3078"
    },
    {
      "name": "CVE-2010-4073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4073"
    },
    {
      "name": "CVE-2011-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
    },
    {
      "name": "CVE-2010-1323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1323"
    },
    {
      "name": "CVE-2011-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0521"
    },
    {
      "name": "CVE-2010-4075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4075"
    },
    {
      "name": "CVE-2010-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4083"
    },
    {
      "name": "CVE-2011-0281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0281"
    },
    {
      "name": "CVE-2010-4081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4081"
    },
    {
      "name": "CVE-2010-2492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2492"
    },
    {
      "name": "CVE-2010-3876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3876"
    },
    {
      "name": "CVE-2011-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
    },
    {
      "name": "CVE-2010-4080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4080"
    },
    {
      "name": "CVE-2010-4238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4238"
    },
    {
      "name": "CVE-2010-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4242"
    },
    {
      "name": "CVE-2010-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2798"
    },
    {
      "name": "CVE-2011-0710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0710"
    },
    {
      "name": "CVE-2010-4158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4158"
    },
    {
      "name": "CVE-2010-3432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3432"
    },
    {
      "name": "CVE-2010-2943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2943"
    },
    {
      "name": "CVE-2011-1495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1495"
    }
  ],
  "initial_release_date": "2011-10-18T00:00:00",
  "last_revision_date": "2011-10-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0012 du 12 octobre    2011 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    }
  ],
  "reference": "CERTA-2011-AVI-571",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans des biblioth\u00e8ques tierces\nparties utilis\u00e9es par \u003cspan class=\"textit\"\u003eVMWare ESX\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eVMWare ESXi\u003c/span\u003e ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans VMWare ESX et ESXi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare WMSA-2011-0012 du 12 octobre 2011",
      "url": null
    }
  ]
}

CERTA-2013-AVI-267

Vulnerability from certfr_avis - Published: 2013-04-23 - Updated: 2013-04-23

De multiples vulnérabilités ont été corrigées dans Avaya Communication Manager. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Avaya Communication Manager versions antérieures à 5.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Avaya du 19 avril 2013	None	vendor-advisory
Bulletin de sécurité Avaya ASA-2012-094 du 19 avril 2013	-	other
Bulletin de sécurité Avaya ASA-2012-155 du 19 avril 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eAvaya Communication Manager versions ant\u00e9rieures \u00e0 5.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2009-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2011-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1659"
    },
    {
      "name": "CVE-2010-0296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2011-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
    },
    {
      "name": "CVE-2011-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    }
  ],
  "initial_release_date": "2013-04-23T00:00:00",
  "last_revision_date": "2013-04-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-094 du 19 avril 2013",
      "url": "https://downloads.avaya.com/css/P8/documents/100157565"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-155 du 19 avril 2013",
      "url": "https://downloads.avaya.com/css/P8/documents/100160531"
    }
  ],
  "reference": "CERTA-2013-AVI-267",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-04-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAvaya Communication Manager\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Communication Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya du 19 avril 2013",
      "url": null
    }
  ]
}

GHSA-Q5RG-JQVH-MJ2Q

Vulnerability from github – Published: 2022-05-14 02:55 – Updated: 2025-04-11 03:45

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1659"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-04-08T15:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.",
  "id": "GHSA-q5rg-jqvh-mj2q",
  "modified": "2025-04-11T03:45:49Z",
  "published": "2022-05-14T02:55:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1659"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66819"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=48733"
    },
    {
      "type": "WEB",
      "url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44353"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "type": "WEB",
      "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583"
    },
    {
      "type": "WEB",
      "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8126d90480fa3e0c5c5cd0d02cb1c93174b45485"
    },
    {
      "type": "WEB",
      "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025450"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-1659

Vulnerability from fkie_nvd - Published: 2011-04-08 15:17 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://code.google.com/p/chromium/issues/detail?id=48733	Exploit
cve@mitre.org	http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html	Exploit
cve@mitre.org	http://secunia.com/advisories/44353
cve@mitre.org	http://secunia.com/advisories/46397
cve@mitre.org	http://sourceware.org/bugzilla/show_bug.cgi?id=12583	Exploit, Patch
cve@mitre.org	http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8126d90480fa3e0c5c5cd0d02cb1c93174b45485
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
cve@mitre.org	http://www.securityfocus.com/archive/1/520102/100/0/threaded
cve@mitre.org	http://www.securitytracker.com/id?1025450
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2011-0012.html
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=681054	Exploit, Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/66819
af854a3a-2127-422b-91ae-364da2661108	http://code.google.com/p/chromium/issues/detail?id=48733	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44353
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/46397
af854a3a-2127-422b-91ae-364da2661108	http://sourceware.org/bugzilla/show_bug.cgi?id=12583	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8126d90480fa3e0c5c5cd0d02cb1c93174b45485
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/520102/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025450
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0012.html
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=681054	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66819

Impacted products

Vendor	Product	Version
gnu	glibc	*
gnu	glibc	1.00
gnu	glibc	1.01
gnu	glibc	1.02
gnu	glibc	1.03
gnu	glibc	1.04
gnu	glibc	1.05
gnu	glibc	1.06
gnu	glibc	1.07
gnu	glibc	1.08
gnu	glibc	1.09
gnu	glibc	1.09.1
gnu	glibc	2.0
gnu	glibc	2.0.1
gnu	glibc	2.0.2
gnu	glibc	2.0.3
gnu	glibc	2.0.4
gnu	glibc	2.0.5
gnu	glibc	2.0.6
gnu	glibc	2.1
gnu	glibc	2.1.1
gnu	glibc	2.1.1.6
gnu	glibc	2.1.2
gnu	glibc	2.1.3
gnu	glibc	2.1.3.10
gnu	glibc	2.1.9
gnu	glibc	2.2
gnu	glibc	2.2.1
gnu	glibc	2.2.2
gnu	glibc	2.2.3
gnu	glibc	2.2.4
gnu	glibc	2.2.5
gnu	glibc	2.3
gnu	glibc	2.3.1
gnu	glibc	2.3.2
gnu	glibc	2.3.3
gnu	glibc	2.3.4
gnu	glibc	2.3.5
gnu	glibc	2.3.6
gnu	glibc	2.3.10
gnu	glibc	2.4
gnu	glibc	2.5
gnu	glibc	2.5.1
gnu	glibc	2.6
gnu	glibc	2.6.1
gnu	glibc	2.7
gnu	glibc	2.8
gnu	glibc	2.9
gnu	glibc	2.10
gnu	glibc	2.10.1
gnu	glibc	2.10.2
gnu	glibc	2.11
gnu	glibc	2.11.1
gnu	glibc	2.11.2
gnu	glibc	2.11.3
gnu	glibc	2.12.0
gnu	glibc	2.12.1
gnu	glibc	2.12.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C95B740-039D-40BB-BC5B-8D6790E90607",
              "versionEndIncluding": "2.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA23C241-132B-423E-A22A-7206A8074D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79978B1-8831-4169-B815-80138C85832C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "991EB676-F043-418D-BD81-0BB937236D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA0C5DB0-602E-4296-884C-60E24FC80458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "3211F47C-DF6D-4355-95F8-DED317700621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "229BFD88-A90F-4D2B-97B9-822A7D87EAEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE253B0-D8E0-4099-8CA7-8925B4809F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "D640F556-8181-4F15-B2F7-7EC7E8869FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "061383CD-B9AD-41C6-8C46-F79870B9CD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "9897B03F-A457-4B29-9C5E-FEA084D3BF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C3684B-CE01-46B5-9E41-BF58E6A5AA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB56D9C9-13B3-418C-B06C-0997E165F1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFD93D5-70BB-475C-BDD3-DEDE9965C5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "19D5667D-5EA4-4B44-BF8A-9C10506BD4E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F23D2F-A01F-4949-A917-D1164E14EAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "64576C9A-FCD9-4410-B590-AB43F9F85D2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "229AC4E3-AFBA-4EF4-8534-8FBE1E630253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B91503A-E8DC-4DFF-98D4-687B5AE41438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "241A4B59-7BBC-4656-93AC-7DD8BE29EB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D0DBDC-1559-406D-AADC-12B5ABDD2BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5294FCC-3933-4CD5-8DFE-BCDC00F4BD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5CA3E33-7CC6-4AC5-999A-3C46D7FD14A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAADC158-B7EF-4135-B383-0DA43065B43E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "261A4A17-3B9E-46E6-897B-DB0C8358A1D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAC8483-5060-428B-8D8E-C30E5823BB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A511B6-72EC-4200-8C1C-BDE30BC2431A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03C644D-0EF9-4586-96D5-5DEE78D9D5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "47AD8A88-DAF0-4206-8661-70075BA2AE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "42AD17CD-545F-425A-92CF-0EE5F5B5F74E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0B9503-9AD0-4A1A-BD4F-4B902BFC8E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0660536D-7F82-4B91-8B84-704D26FE989F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2037E8C-43E8-4121-B877-1834282ACD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFCA5E85-9AFA-429A-AC51-8D8EC2841330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D41ABE25-DECD-4068-93DA-0B85281FD93A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "84600406-0CE2-46EA-A5AD-4CC0D3494AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96FA9ED-7529-440D-984D-6340B94D8243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3D70AB0-2910-4191-9980-5BA78E8F2E11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A30D0EE-1AED-4C99-8A22-24E47212F3FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A93600D-7271-4AF5-8133-C6AA5BC8543F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4169CA4B-C4F5-499A-A35A-49DD43AC0A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55E32EC-33A6-4145-9B76-C7E3DBACD1E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6423F0B5-E483-4DE9-B13F-3A7322F055DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0B4AFFF-A537-44BD-B97A-EFA9409DB8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37880948-2AB5-491A-85E2-B7E271E03B1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en posix/fnmatch.c en la biblioteca de C de GNU \r\n(tambi\u00e9n conocida como glibc o libc6) v2.13 y anteriores, permite a atacantes dependientes del contexto causar una denegaci\u00f3n de servicio \r\n(bloqueo de la aplicaci\u00f3n) a trav\u00e9s de una cadena UTF8 larga que se utiliza en \r\nuna llamada fnmatch con un patr\u00f3n de argumento manipulado, un \r\nvulnerabilidad diferente de CVE-2011-1071."
    }
  ],
  "id": "CVE-2011-1659",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-08T15:17:28.540",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://code.google.com/p/chromium/issues/detail?id=48733"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/44353"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8126d90480fa3e0c5c5cd0d02cb1c93174b45485"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025450"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://code.google.com/p/chromium/issues/detail?id=48733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8126d90480fa3e0c5c5cd0d02cb1c93174b45485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66819"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-1659

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1659

Aliases

CVE-2011-1659

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1659",
    "description": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.",
    "id": "GSD-2011-1659",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-1659.html",
      "https://access.redhat.com/errata/RHSA-2012:0125",
      "https://access.redhat.com/errata/RHSA-2011:0413",
      "https://access.redhat.com/errata/RHSA-2011:0412",
      "https://linux.oracle.com/cve/CVE-2011-1659.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1659"
      ],
      "details": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.",
      "id": "GSD-2011-1659",
      "modified": "2023-12-13T01:19:08.441327Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-1659",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=681054",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
          },
          {
            "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
          },
          {
            "name": "46397",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/46397"
          },
          {
            "name": "44353",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44353"
          },
          {
            "name": "1025450",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025450"
          },
          {
            "name": "gnuclibrary-fnmatch-dos(66819)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66819"
          },
          {
            "name": "MDVSA-2011:178",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
          },
          {
            "name": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html",
            "refsource": "MISC",
            "url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
          },
          {
            "name": "http://code.google.com/p/chromium/issues/detail?id=48733",
            "refsource": "MISC",
            "url": "http://code.google.com/p/chromium/issues/detail?id=48733"
          },
          {
            "name": "MDVSA-2011:179",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
          },
          {
            "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583",
            "refsource": "CONFIRM",
            "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583"
          },
          {
            "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485",
            "refsource": "CONFIRM",
            "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1659"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://code.google.com/p/chromium/issues/detail?id=48733",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://code.google.com/p/chromium/issues/detail?id=48733"
            },
            {
              "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583"
            },
            {
              "name": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=681054",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
            },
            {
              "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485"
            },
            {
              "name": "44353",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/44353"
            },
            {
              "name": "1025450",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025450"
            },
            {
              "name": "46397",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "name": "MDVSA-2011:178",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
            },
            {
              "name": "MDVSA-2011:179",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
            },
            {
              "name": "gnuclibrary-fnmatch-dos(66819)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66819"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-09T19:31Z",
      "publishedDate": "2011-04-08T15:17Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1659 (GCVE-0-2011-1659)

CERTA-2011-AVI-571

Description

Solution

CERTA-2013-AVI-267

Solution

GHSA-Q5RG-JQVH-MJ2Q

FKIE_CVE-2011-1659

GSD-2011-1659

Tags

Sightings

Nomenclature