oss-sec mailing list archives
Re: two vulns in uClibc-0.9.33.2
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Fri, 16 Jun 2017 18:45:12 -0700
Does it make sense to assign CVEs to regex compilation? Very few toolkits handle this well, and even given how many regex toolkits use backtracking, even 'safe' regexes can lead to essentially unbounded execution time.
One use case is "sandbox" languages, such as JavaScript. JS engines often use third-party regex libraries with attacker-controlled regexes. They don't particularly care about OOM / CPU exhaustion, but RCE that allows a malicious program to escape containment would be bad news. Probably no JS engine using uclibc, though.

/mz