CVE-2009-5029

glibc < 2.15 - Integer Overflow in __tzfile_read via Crafted Timezone File

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-5029. PoCs published by dividead.

AI-analyzed exploit summary: This exploit targets an integer overflow vulnerability in GNU glibc's timezone handling. It crafts a malicious TZif file to trigger a malloc(0) condition, potentially leading to arbitrary code execution.

Description

Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.

Exploits (1)

exploitdb WORKING POC VERIFIED
by dividead · cdoslinux
https://www.exploit-db.com/exploits/36404

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: GNU glibc (versions affected by CVE-2009-5029)
No auth needed
Prerequisites: Ability to deliver a malicious TZif file to the target system
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0807
EPSS Percentile 94.1%

Details

CWE: CWE-189
Status: published
Products (15)
gnu/glibc 2.0
gnu/glibc 2.0.1
gnu/glibc 2.0.2
gnu/glibc 2.0.3
gnu/glibc 2.0.4
gnu/glibc 2.0.5
gnu/glibc 2.0.6
gnu/glibc 2.1
gnu/glibc 2.1.1
gnu/glibc 2.1.1.6
... and 5 more
Published May 02, 2013
Tracked Since Feb 18, 2026