Name | CVE-2011-5320 |
Description | scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-165-1 |
Debian Bugs | 553206 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| glibc (PTS) | jessie, jessie (lts) | 2.19-18+deb8u14 | fixed |
| | stretch (security) | 2.24-11+deb9u1 | fixed |
| | stretch (lts), stretch | 2.24-11+deb9u7 | fixed |
| | buster (security), buster, buster (lts) | 2.28-10+deb10u4 | fixed |
| | bullseye | 2.31-13+deb11u11 | fixed |
| | bullseye (security) | 2.31-13+deb11u10 | fixed |
| | bookworm | 2.36-9+deb12u9 | fixed |
| | bookworm (security) | 2.36-9+deb12u7 | fixed |
| | sid, trixie | 2.40-3 | fixed |
The information below is based on the following data on fixed versions.
Notes
2.15 is the first version receiving the fix; mark with upstream version, which should
then be handled correctly by the tracker.
https://sourceware.org/bugzilla/show_bug.cgi?id=13138
https://www.openwall.com/lists/oss-security/2015/02/26/2
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
CVE assigned specific to the https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4 issue