| Summary: | <sys-libs/glibc-2.19-r1: "extend_buffers()" Regular Expression Handling Denial of Service Vulnerability (CVE-2013-0242) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/51951/ | | |
| Whiteboard: | A3 [glsa cleanup] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 518364 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2013-01-31 16:14:29 UTC
CVE-2013-0242 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0242): Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

Can the fix be backported to stable glibc versions?

no plans to backport to glibc-2.17 or older

Maintainer(s), please drop the vulnerable version(s).

Added to an existing GLSA Request.

This issue was resolved and addressed in GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).