CVE-2010-4051

glibc through 2.11.3 and 2.12.x through 2.12.2 - Denial of Service via RE_DUP_MAX Overflow in regcomp

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4051. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary: The exploit demonstrates a denial-of-service (DoS) vulnerability in GNU libc's regcomp function (CVE-2010-4051) by triggering a stack exhaustion or segmentation fault via malformed regular expressions with excessive repetition operators. The PoC code provides multiple examples of patterns that cause crashes in applications like grep, pgrep, and proftpd.

Description

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

Exploits (1)

exploitdb WORKING POC
by Maksymilian Arciemowicz · cdoslinux
https://www.exploit-db.com/exploits/15935

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: GNU libc (regcomp function), affected applications include grep, pgrep, proftpd, etc.
No auth needed
Prerequisites: Access to a system with vulnerable GNU libc or affected applications
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42547
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024832
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Jan/78
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/912279
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45233
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/515589/100/0/threaded
Patch x_refsource_misc
http://cxib.net/stuff/proftpd.gnu.c
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15935
Exploit third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8003
Exploit third-party-advisory x_refsource_sreasonres
http://securityreason.com/achievement_securityalert/93

Scores

EPSS 0.4000
EPSS Percentile 98.4%

Details

Status published
Products (28)
gnu/glibc 1.00
gnu/glibc 1.01
gnu/glibc 1.02
gnu/glibc 1.03
gnu/glibc 1.04
gnu/glibc 1.05
gnu/glibc 1.06
gnu/glibc 1.07
gnu/glibc 1.08
gnu/glibc 1.09
... and 18 more
Published Jan 13, 2011
Tracked Since Feb 18, 2026