VYPR
Unrated severityOSV Advisory· Published Feb 26, 2019· Updated Aug 4, 2024

CVE-2019-9192

CVE-2019-9192

Description

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern

Affected products

2
  • GNU/GlibcOSV2 versions
    cvs/ChangeLog, cvs/amigados-merge, cvs/before-thomas-posix1996, …+ 1 more
    • (no CPE)range: cvs/ChangeLog, cvs/amigados-merge, cvs/before-thomas-posix1996, …
    • (no CPE)range: <=2.29

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.