{
  "threat_severity" : "Moderate",
  "public_date" : "2009-06-01T00:00:00Z",
  "bugzilla" : {
    "description" : "glibc: __tzfile_read integer overflow to buffer overflow",
    "id" : "761245",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=761245"
  },
  "cvss" : {
    "cvss_base_score" : "6.5",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-190",
  "details" : [ "Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.", "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2012-02-13T00:00:00Z",
    "advisory" : "RHSA-2012:0125",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "glibc-0:2.3.4-2.57"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-02-13T00:00:00Z",
    "advisory" : "RHSA-2012:0126",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "glibc-0:2.5-65.el5_7.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-01-24T00:00:00Z",
    "advisory" : "RHSA-2012:0058",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "glibc-0:2.12-1.47.el6_2.5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Affected",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Affected",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-5029\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-5029" ],
  "name" : "CVE-2009-5029",
  "csaw" : false
}