Denial of Service Vulnerability in BSD libc RegComp Implementation
CVE-2011-3336

7.5HIGH

Key Information:

Vendor: Apple
Status: macOS
Vendor: CVE Published:; 12 February 2020

What is CVE-2011-3336?

The regcomp function in the BSD implementation of libc is susceptible to denial of service attacks due to stack exhaustion. An attacker could craft specific regular expressions that consume excessive stack space, leading to application crashes and service downtime. This vulnerability highlights the importance of robust input validation and the need for developers to implement safeguards against malicious input patterns.

Affected Version(s)

macOS through 2011

References

http://seclists.org/fulldisclosure/2014/Mar/166

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/50541

vdb-entryx_refsource_BID

https://www.securityfocus.com/archive/1/520390

mailing-listx_refsource_BUGTRAQ

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2020
Vulnerability Reserved
Aug 29, 2011

Apple

What is CVE-2011-3336?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline