oss-sec mailing list archives
Re: CVE request: grep heap buffer overrun
From: cve-assign () mitre org
Date: Thu, 22 Jan 2015 12:01:22 -0500 (EST)
Invoking grep with a carefully crafted combination of input and regexp can cause a segfault and/or reading from uninitialized memory. Here's how it evolved: http://bugs.gnu.org/19563 Here's the upstream fix: http://git.sv.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2 This is particularly relevant for those who do not exec grep directly, but rather embed parts of grep in another tool.
Use CVE-2015-1345. --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE request: grep heap buffer overrun Jim Meyering (Jan 18)
- Re: CVE request: grep heap buffer overrun cve-assign (Jan 22)