CVE-2010-4756

Description

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

How to fix CVE-2010-4756

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/glibc—no fix listed

Is CVE-2010-4756 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-4756