This is the mail archive of the glibc-bugs-regex@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug regex/12896] New: regexec() stack overflow denial of service

From: "yangdingning at gmail dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs-regex at sources dot redhat dot com
Date: Thu, 16 Jun 2011 03:07:07 +0000
Subject: [Bug regex/12896] New: regexec() stack overflow denial of service
Auto-submitted: auto-generated

http://sourceware.org/bugzilla/show_bug.cgi?id=12896

           Summary: regexec() stack overflow denial of service
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: yangdingning@gmail.com


An easy way to reproduce is:

$ echo | grep -E "(.*)\1{4}+"
Segmentation fault (core dumped)
$

This bug has been verified to exist in glibc 2.11.1 shipped with Ubuntu 10.04,
as well as the latest version from git repository. It may have security
implications as shown in the description of CVE-2010-4051 and CVE-2010-4052.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Follow-Ups:
- [Bug regex/12896] regexec() stack overflow denial of service
  - From: bonzini at gnu dot org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]