Vulnerability Description
Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openbsd | <= 4.8 |
Related Weaknesses (CWE)
References
- http://securityreason.com/achievement_securityalert/97
- http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35Patch
- http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34%3Br2=
- http://www.securityfocus.com/bid/48004
- http://securityreason.com/achievement_securityalert/97
- http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35Patch
- http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34%3Br2=
- http://www.securityfocus.com/bid/48004
FAQ
What is CVE-2011-2168?
CVE-2011-2168 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPE...
How severe is CVE-2011-2168?
CVE-2011-2168 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2168?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openbsd.