First published: Sun Jun 25 2023(Updated: )
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU glibc | <2.22 | |
debian/glibc | 2.31-13+deb11u11 2.31-13+deb11u10 2.36-9+deb12u9 2.36-9+deb12u7 2.40-4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2015-20109.
The affected software is the GNU C Library (aka glibc or libc6).
The severity rating of CVE-2015-20109 is medium (5.5).
Context-dependent attackers can exploit CVE-2015-20109 by causing a denial of service (application crash) through the use of the fnmatch library function with the **(!() pattern.
To fix CVE-2015-20109, you should update the GNU C Library to version 2.22 or later.