oss-sec mailing list archives
CVE-Request - GNU Awk.
From: Steve Kemp <steve () steve org uk>
Date: Mon, 14 Mar 2016 06:32:28 +0000
I reported two DoS bugs against GNU Awk to the debian bug tracker recently, both of which are denial of service attacks causing NULL-pointer deferences. It would be useful to have a CVE identifiers assigned. The two issues can be demonstrated like so : echo | gawk '{ print( @olower( "steve" ) ) }' echo | gawk 'for (i = ) in foo bar baz' There are potential patches and further diagnostics on the bug reports themselves which are respectively: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816271 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816277 Steve -- # Git Based DNS Hosting https://www.dns-api.com
Current thread:
- CVE-Request - GNU Awk. Steve Kemp (Mar 13)
- Re: CVE-Request - GNU Awk. Tomas Hoger (Mar 14)
- Re: CVE-Request - GNU Awk. Yuriy M. Kaminskiy (Mar 14)
- Re: Re: CVE-Request - GNU Awk. Kurt Seifried (Mar 14)
- Re: Re: CVE-Request - GNU Awk. Bob Friesenhahn (Mar 14)
- Re: CVE-Request - GNU Awk. Yuriy M. Kaminskiy (Mar 14)
- Re: CVE-Request - GNU Awk. Tomas Hoger (Mar 14)
- <Possible follow-ups>
- Re: CVE-Request - GNU Awk. Steve Kemp (Mar 14)