cve/CVE-2009-5155.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

POC

Reference

No PoCs from references.

Github

https://github.com/flyrev/security-scan-ci-presentation
https://github.com/iakovmarkov/prometheus-vuls-exporter
https://github.com/nedenwalker/spring-boot-app-using-gradle
https://github.com/nedenwalker/spring-boot-app-with-log4j-vuln
https://github.com/thegeeklab/audit-exporter

975 B Raw Blame History

CVE-2009-5155

Description

POC

Reference

Github

975 B

Raw Blame History