Bug 599070 (CVE-2009-4880) - CVE-2009-4880 glibc (32-bit): Multiple integer overflows in the printf implementation
Summary: CVE-2009-4880 glibc (32-bit): Multiple integer overflows in the printf implem...
Alias: CVE-2009-4880
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://securityreason.com/achievement...
Depends On:
TreeView+ depends on / blocked
Reported: 2010-06-02 15:59 UTC by Jan Lieskovsky
Modified: 2021-02-24 23:02 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-02-04 19:08:58 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Sourceware 10600 0 P2 RESOLVED stdio/strfmon.c multiple vulnerabilities (CVE-2008-1391) 2020-03-30 06:29:13 UTC

Description Jan Lieskovsky 2010-06-02 15:59:30 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4880 to
the following vulnerability:

Multiple integer overflows in the strfmon implementation in the GNU C
Library (aka glibc or libc6) 2.10.1 and earlier allow
context-dependent attackers to cause a denial of service (memory
consumption or application crash) via a crafted format string, as
demonstrated by a crafted first argument to the money_format function
in PHP, a related issue to CVE-2008-1391.

  [1] http://securityreason.com/achievement_securityalert/67
  [2] https://bugzilla.redhat.com/show_bug.cgi?id=524671
  [3] http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600
  [4] http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3
  [5] http://www.ubuntu.com/usn/USN-944-1
  [6] http://www.securityfocus.com/bid/36443
  [7] http://secunia.com/advisories/39900
  [8] http://www.vupen.com/english/advisories/2010/1246

Public PoC (from [3]):

[cx@localhost ~]$ php -r 'money_format("%.1073741821i",1);'
Segmentation fault

Comment 5 Tomas Hoger 2011-02-04 19:08:58 UTC
More details on this bug can be found in upstream bugzilla #10600 or in Fedora bug #496386.

Both issues affecting glibc and reported in SecurityReason Advisory 67 are corrected in Red Hat Enterprise Linux 6 glibc packages.


Red Hat does not consider this bug to be a security issue. Properly written application should not use arbitrary untrusted data as part of the format string passed to functions as strfmon or printf family functions.

Note You need to log in before you can comment on or make changes to this bug.