Описание
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep.
Отчет
This issue did not affect the version of grep as shipped with Red Hat Enterprise Linux 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | grep | Not affected | ||
| Red Hat Enterprise Linux 7 | grep | Not affected | ||
| Red Hat Enterprise Linux 6 | grep | Fixed | RHSA-2015:1447 | 20.07.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS2
Связанные уязвимости
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
Multiple integer overflows in GNU Grep before 2.11 might allow context ...
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
Уязвимости утилиты командной строки Grep, позволяющие нарушителю выполнить произвольный код или вызвать отказ в обслуживании
EPSS
4.4 Medium
CVSS2