Vendor: glibc
By: SecurityFocus
CVSS: 7.5 (HIGH)
Title: Integer-Overflow Weakness
CWE: 190
Product Name: glibc
Affected Version From: 2.10.1
Affected Version To: Prior
Patch Exists: Yes
Related CWE: N/A
CPE: a:gnu:glibc
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

GNU glibc Integer-Overflow Weakness

GNU glibc is prone to an integer-overflow weakness. An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Mitigation:

Upgrade to the latest version of GNU glibc.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/36443/info

GNU glibc is prone to an integer-overflow weakness.

An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

GNU glibc 2.10.1 and prior are vulnerable. 

The following proof-of-concept commands are available:

php -r 'money_format("%.1073741821i",1);'
php -r 'money_format("%.1343741821i",1);'