CVE-2009-5155

Summary

CVE	CVE-2009-5155
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-02-26 02:29:00 UTC
Updated	2023-11-07 02:04:00 UTC
Description	In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

Risk And Classification

Problem Types: CWE-19

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Glibc	All	All	All	All
Application	Gnu	Glibc	All	All	All	All
Application	Netapp	Cloud Backup	All	All	All	All
Application	Netapp	Cloud Backup	All	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Netapp	Steelstore Cloud Integrated Storage	-	All	All	All
Application	Netapp	Steelstore Cloud Integrated Storage	-	All	All	All

References

Reference	Source	Link	Tags
#32806 - An assertion is hit when processing "(\|()()0)\2" extended regular expression - GNU bug report logs	MISC	debbugs.gnu.org	Exploit, Mailing List, Vendor Advisory
support.f5.com/csp/article/K64119434	CONFIRM	support.f5.com
myF5		support.f5.com
March 2019 GNU C Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com	Patch, Third Party Advisory
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8		lists.apache.org
sourceware.org Git - glibc.git/commit	MISC	sourceware.org	Mailing List, Patch, Third Party Advisory
Pony Mail!	MLIST	lists.apache.org
support.f5.com/csp/article/K64119434	CONFIRM	support.f5.com
gnulib.git - gnulib - GNU portability library	MISC	git.savannah.gnu.org	Mailing List, Patch, Vendor Advisory
#34238 - Assertion `num >= 0' failed at regexec.c:1363 - GNU bug report logs	MISC	debbugs.gnu.org	Exploit, Mailing List, Vendor Advisory
11053 – Wrong results with backreferences	MISC	sourceware.org	Exploit, Issue Tracking, Third Party Advisory
sourceware.org Git - glibc.git/commit		sourceware.org
Pony Mail!	MLIST	lists.apache.org
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8		lists.apache.org
18986 – (CVE-2009-5155) ERE '0\|()0\|\1\|0' causes regexec undefined behavior	MISC	sourceware.org	Exploit, Issue Tracking, Third Party Advisory
#22793 - grep -E assertion failure with back references - GNU bug report logs	MISC	debbugs.gnu.org	Mailing List, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

354104 Amazon Linux Security Advisory for glibc : ALAS2-2022-1869
376030 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) GNU C Library Vulnerability (K64119434)
376052 F5 BIG-IP Local Traffic Manager (LTM), Access Policy Manager (APM), Application Security Manager (ASM) GNU C Library Vulnerability (K64119434)