Description
Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.
References (4)
Core References
Various Sources (x_refsource_confirm): http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34%3Br2=1.35%3Bf=h
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/48004
Third Party Advisory (third-party-advisory, x_refsource_sreasonres): http://securityreason.com/achievement_securityalert/97
Patch (x_refsource_confirm): http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35
Scores
EPSS: 0.0039
EPSS Percentile: 60.0%
Details
CWE: CWE-189
Status: published
Products (29)
openbsd/openbsd 2.0
openbsd/openbsd 2.1
openbsd/openbsd 2.2
openbsd/openbsd 2.3
openbsd/openbsd 2.4
openbsd/openbsd 2.5
openbsd/openbsd 2.6
openbsd/openbsd 2.7
openbsd/openbsd 2.8
openbsd/openbsd 2.9
... and 19 more
Published: May 24, 2011
Tracked Since: Feb 18, 2026