Description
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory.
Statement
This issue did not affect versions of grep as shipped in Red Hat Enterprise Linux 5.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | grep | Not affected | | |
Red Hat Enterprise Linux 6 | grep | Fixed | RHSA-2015:1447 | 20.07.2015 |
Red Hat Enterprise Linux 7 | grep | Fixed | RHSA-2015:2111 | 19.11.2015 |
Additional information
Status:
EPSS
1.2 Low
CVSS2