Vulnerability Details : CVE-2011-2168
Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.
Products affected by CVE-2011-2168
- cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.6:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.8:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.7:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:4.5:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:4.6:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:4.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2168
0.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2168
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-2168
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2168
-
http://www.securityfocus.com/bid/48004
OpenBSD libc glob 'GLOB_APPEND' and 'GLOB_DOOFFS' Flags Multiple Integer Overflow Vulnerabilities
-
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34;r2=1.35;f=h
ErrorPatch
-
http://securityreason.com/achievement_securityalert/97
Multiple FTPD Server GLOB_BRACE|GLOB_LIMIT memory exhaustion - CXSecurity.com
-
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35
CVS log for src/lib/libc/gen/glob.cPatch
Jump to