oss-sec mailing list archives

Re: CVE request: grep heap buffer overrun

From: cve-assign () mitre org
Date: Thu, 22 Jan 2015 12:01:22 -0500 (EST)

Invoking grep with a carefully crafted combination of input and regexp
can cause a segfault and/or reading from uninitialized memory.

Here's how it evolved: http://bugs.gnu.org/19563
Here's the upstream fix:
http://git.sv.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2

This is particularly relevant for those who do not exec grep directly,
but rather embed parts of grep in another tool.


Use CVE-2015-1345.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Current thread:

CVE request: grep heap buffer overrun Jim Meyering (Jan 18)
- Re: CVE request: grep heap buffer overrun cve-assign (Jan 22)