CVE-2011-3336

high-risk

Published 2020-02-12

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

Do I need to act?

!

24.6% chance of exploitation in next 30 days

EPSS score — higher than 75% of all CVEs

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

!

1 public exploit available

36288

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (4)

Php

Mac Os X

Freebsd

Openbsd

Affected Vendors

Freebsd Apple Php Openbsd

References (8)

Exploit http://seclists.org/fulldisclosure/2014/Mar/166

Exploit http://www.securityfocus.com/bid/50541

Exploit https://cxsecurity.com/issue/WLB-2011110082

Exploit https://www.securityfocus.com/archive/1/520390

Exploit http://seclists.org/fulldisclosure/2014/Mar/166

Exploit http://www.securityfocus.com/bid/50541

Exploit https://cxsecurity.com/issue/WLB-2011110082

Exploit https://www.securityfocus.com/archive/1/520390

58

/ 100

high-risk

Severity 26/34 · High

Exploitability 22/34 · High

Exposure 10/34 · Low