CVE-2019-9192
ADVISORY - debianSummary
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern
- glibc (unimportant)
- eglibc (unimportant) https://sourceware.org/bugzilla/show_bug.cgi?id=24269
EPSS Score: 0.00164 (0.380)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Uncontrolled Recursion
ADVISORY - redhat
Uncontrolled Recursion
Debian
CREATED
UPDATED
ADVISORY IDCVE-2019-9192
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Alow| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/glibc | deb | debian | 12 | >=2.36-9+deb12u10 | Not yet available |
| debian/glibc | deb | debian | unstable | >=2.41-9 | Not yet available |
| debian/glibc | deb | debian | 13 | >=2.41-9 | Not yet available |
| debian/glibc | deb | debian | 11 | >=2.31-13+deb11u11 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2019-9192
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2019-9192
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5lowRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2019-9192
EXPLOITABILITY SCORE
1.3
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
2.8lowintheWild
CREATED
UPDATED
ADVISORY IDCVE-2019-9192
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-