oss-sec mailing list archives
CVE request: issues in ISO C++ 2011 regex library
From: Murray McAllister <mmcallis () redhat com>
Date: Tue, 05 Aug 2014 15:50:32 +1000
Hello,Maksymilian Arciemowicz reported a number of issues in the ISO C++ 2011 regex libraries:
http://seclists.org/fulldisclosure/2014/Aug/1 Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61601 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61582 http://llvm.org/bugs/show_bug.cgi?id=20291For the memory corruption bug (61582), there seems to be more than one issue here (at least a heap-based buffer overflow and a stack overflow of some sort). Can a single CVE be assigned, or do you need specific details for each issue (I don't currently have those)?
With GCC 4.8 in Fedora, the affected program needs to be compiled using the "-std=c++11" option.
Thanks, -- Murray McAllister / Red Hat Product Security https://bugzilla.redhat.com/show_bug.cgi?id=1126688 https://bugzilla.redhat.com/show_bug.cgi?id=1126691 https://bugzilla.redhat.com/show_bug.cgi?id=1126695
Current thread:
- CVE request: issues in ISO C++ 2011 regex library Murray McAllister (Aug 04)
- Re: CVE request: issues in ISO C++ 2011 regex library Rich Felker (Aug 05)
- Re: CVE request: issues in ISO C++ 2011 regex library Murray McAllister (Aug 07)
- Re: CVE request: issues in ISO C++ 2011 regex library Maksymilian A (Aug 10)
- Re: CVE request: issues in ISO C++ 2011 regex library Murray McAllister (Aug 07)
- Re: CVE request: issues in ISO C++ 2011 regex library Rich Felker (Aug 05)