Vulnerability DatabaseCVE-2009-5155
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2009-5155
February 26, 2019
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
Related Resources (15)
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238
http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272
https://support.f5.com/csp/article/K64119434
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806
https://support.f5.com/csp/article/K64119434?utm_source=f5support&amp%3Butm_medium=RSS
https://security-tracker.debian.org/tracker/CVE-2009-5155
https://security.netapp.com/advisory/ntap-20190315-0002/
https://access.redhat.com/security/cve/CVE-2009-5155
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793
https://sourceware.org/bugzilla/show_bug.cgi?id=18986
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://people.canonical.com/~ubuntu-security/cve/CVE-2009-5155
https://sourceware.org/bugzilla/show_bug.cgi?id=11053
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=eb04c21373e2a2885f3d52ff192b0499afe3c672
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
CVSS v2
Base Score:
5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
EPSS
Base Score:
1.35