Fluid Attacks Database

Description

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	glibc	>=0 <2.28-1	2.28-1
debian 12	glibc	>=0 <2.28-1	2.28-1
debian 14	glibc	>=0 <2.28-1	2.28-1
debian 14	gnulib	>=0 <20140202+stable-3.2	20140202+stable-3.2
debian 12	gnulib	>=0 <20140202+stable-3.2	20140202+stable-3.2
debian 11	glibc	>=0 <2.28-1	2.28-1
debian 11	gnulib	>=0 <20140202+stable-3.2	20140202+stable-3.2
debian 13	gnulib	>=0 <20140202+stable-3.2	20140202+stable-3.2
rpm rhel7	glibc	-	-
rpm rhel6	glibc	-	-

1-10 of 11

Aliases

1. CVE-2009-51552. NVD-2009-51553. OSV-DEBIAN-2009-51554. OSV-2009-51555. SECURITY-TRACKER-CVE-2009-5155

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.