CVE-2011-1071

GNU C Library < 2.12.2 and Embedded GLIBC - Remote Code Execution via Long UTF8 String in fnmatch

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1071. PoCs published by Simon Berry-Byrne.

AI-analyzed exploit summary This exploit targets a stack-corruption vulnerability in GNU glibc versions prior to 2.12.2. It uses a crafted input to trigger a buffer overflow in the fnmatch function, potentially leading to arbitrary code execution.

Description

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

Exploits (1)

exploitdb WORKING POC
by Simon Berry-Byrne · cdosmultiple
https://www.exploit-db.com/exploits/17120

This exploit targets a stack-corruption vulnerability in GNU glibc versions prior to 2.12.2. It uses a crafted input to trigger a buffer overflow in the fnmatch function, potentially leading to arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: GNU glibc < 2.12.2
No auth needed
Prerequisites: Target system must be using a vulnerable version of glibc · Attacker must be able to supply crafted input to the fnmatch function
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (25)

Core 25
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46563
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8175
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=681054
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46397
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0412.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0863
Exploit x_refsource_confirm
http://bugs.debian.org/615120
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43989
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025290
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43492
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/26/3
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853
Exploit mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/28/11
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Feb/635
Patch mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Feb/644
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43830
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0413.html
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/28/15

Scores

EPSS 0.1432
EPSS Percentile 96.1%

Details

CWE
CWE-399
Status published
Products (50)
gnu/eglibc
gnu/glibc 1.00
gnu/glibc 1.01
gnu/glibc 1.02
gnu/glibc 1.03
gnu/glibc 1.04
gnu/glibc 1.05
gnu/glibc 1.06
gnu/glibc 1.07
gnu/glibc 1.08
... and 40 more
Published Apr 08, 2011
Tracked Since Feb 18, 2026