CVE-2018-20796
ADVISORY - debianSummary
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.
- glibc (unimportant)
- eglibc (unimportant) https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141 https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html No treated as vulnerability: https://sourceware.org/glibc/wiki/Security%20Exceptions
EPSS Score: 0.01996 (0.828)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Uncontrolled Recursion
ADVISORY - redhat
Uncontrolled Recursion
Debian
CREATED
UPDATED
ADVISORY IDCVE-2018-20796
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Alow| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/glibc | deb | debian | 12 | >=2.36-9+deb12u10 | Not yet available |
| debian/glibc | deb | debian | 11 | >=2.31-13+deb11u11 | Not yet available |
| debian/glibc | deb | debian | 13 | >=2.41-9 | Not yet available |
| debian/glibc | deb | debian | unstable | >=2.41-9 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2018-20796
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2018-20796
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5lowRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2018-20796
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.3mediumintheWild
CREATED
UPDATED
ADVISORY IDCVE-2018-20796
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-