oss-sec mailing list archives
CVE request: grep heap buffer overrun
From: Jim Meyering <jim () meyering net>
Date: Sun, 18 Jan 2015 11:43:14 -0800
Invoking grep with a carefully crafted combination of input and regexp can cause a segfault and/or reading from uninitialized memory. Here's how it evolved: http://bugs.gnu.org/19563 Here's the upstream fix: http://git.sv.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2 This is particularly relevant for those who do not exec grep directly, but rather embed parts of grep in another tool.
Current thread:
- CVE request: grep heap buffer overrun Jim Meyering (Jan 18)
- Re: CVE request: grep heap buffer overrun cve-assign (Jan 22)