1. Home
  2. CVE Database
  3. CVE-2011-1071
MEDIUM · 5.1

CVE-2011-1071

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a lon...

Vulnerability Description

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

CVSS Score

5.1

MEDIUM

AV:N/AC:H/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
GnuEglibcAll versions
GnuGlibc<= 2.12.1

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2011-1071?

CVE-2011-1071 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a lon...

How severe is CVE-2011-1071?

CVE-2011-1071 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1071?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Eglibc, Gnu Glibc.