In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern
Uncontrolled Recursion
Uncontrolled Recursion
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/glibc | deb | debian | 12 | >=2.36-9+deb12u4 | Not yet available |
| debian/glibc | deb | debian | unstable | >=2.38-11 | Not yet available |
| debian/glibc | deb | debian | 13 | >=2.38-11 | Not yet available |
| debian/glibc | deb | debian | 11 | >=2.31-13+deb11u8 | Not yet available |
| debian/glibc | deb | debian | 10 | >=2.28-10+deb10u1 | Not yet available |
Severity and metrics
No CVSS data available from this source.
3.9
3.9
1.3
-
-