Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 836372 (CVE-2022-23901) - <dev-util/re2c-3.1: infinite recursion
Summary: <dev-util/re2c-3.1: infinite recursion
Alias: CVE-2022-23901
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [stable?]
Keywords: PullRequest
Depends on:
Reported: 2022-03-29 14:43 UTC by John Helmert III
Modified: 2024-06-04 20:48 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-29 14:43:28 UTC

A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/

Patches in 3.0:
Comment 1 Larry the Git Cow gentoo-dev 2024-01-20 13:33:46 UTC
The bug has been referenced in the following commit(s):

commit a2aa8ccd3c1522c88386de4904d4bf77fcafb0d8
Author:     Christopher Fore <>
AuthorDate: 2024-01-07 00:35:48 +0000
Commit:     Sam James <>
CommitDate: 2024-01-20 13:27:19 +0000

    dev-util/re2c: add 3.1, security bump
    [sam: Add explicit --enable-rust like for Go. It's already on by default though.]
    Signed-off-by: Christopher Fore <>
    Signed-off-by: Sam James <>

 dev-util/re2c/Manifest        |  1 +
 dev-util/re2c/re2c-3.1.ebuild | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
Comment 2 Eli Schwartz 2024-06-04 20:48:45 UTC
Someone else submitted an earlier PR but a missing tag made it go unnoticed. :(