Bug 348336 (CVE-2010-4051) - sys-libs/glibc: Denial of Service via stack exhaustion in regcomp() (CVE-2010-{4051,4052})
Status: RESOLVED FIXED
Alias: CVE-2010-4051
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.kb.cert.org/vuls/id/912279
Whiteboard: A3 [noglsa]
Reported: 2010-12-10 06:32 UTC by Tim Sammut (RETIRED)
Modified: 2014-06-16 03:33 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2010-12-10 06:32:24 UTC
From $URL:

Overview
The regcomp() function of GNU libc is susceptible to stack exhaustion which may result in a denial of service.

I. Description
It is possible to trigger deep recursion which results in stack exhaustion. An example trigger is: grep -E ".*{10,}{10,}{10,}{10,}{10,}"

II. Impact
An attacker may be able to trigger a denial of service in applications that accept regular expressions.
Comment 1 SpanKY gentoo-dev 2010-12-10 07:18:30 UTC
How is this any different from Bug 340061? glob and regexp have unbounded memory footprint, so once again, any server that processes these things and is outward facing should be using some sort of resource limiting.
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-08 06:29:24 UTC
More detailed analysis is available at http://seclists.org/bugtraq/2011/Jan/35
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 13:28:58 UTC
CVE-2010-4052 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4052):
  Stack consumption vulnerability in the regcomp implementation in the GNU C
  Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2,
  allows context-dependent attackers to cause a denial of service (resource
  exhaustion) via a regular expression containing adjacent repetition
  operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the
  proftpd.gnu.c exploit for ProFTPD.

CVE-2010-4051 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4051):
  The regcomp implementation in the GNU C Library (aka glibc or libc6) through
  2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to
  cause a denial of service (application crash) via a regular expression
  containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX
  limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the
  proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
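
The CVE entries above describe patterns with adjacent repetition operators. One way for an application that accepts untrusted regular expressions to screen such patterns out before they reach regcomp() is sketched below; this is an added example, not code from the bug report or from glibc, and the function names and the MAX_PATTERN_LEN limit are assumptions.

```c
#include <regex.h>
#include <stddef.h>
#include <string.h>

#define MAX_PATTERN_LEN 256   /* assumed policy limit, tune per application */

/* Returns 1 if an unescaped interval "{...}" is directly adjacent to another
 * repetition operator (*, +, ? or another interval), else 0.
 * Conservative: a bracket expression is tracked only up to its first ']',
 * so a few unusual but harmless patterns are rejected as well. */
int has_stacked_interval(const char *p)
{
    int prev = 0;   /* 0 = not a repetition, 1 = * + ?, 2 = interval */
    for (size_t i = 0; p[i] != '\0'; i++) {
        char c = p[i];
        if (c == '\\') {                    /* escaped character is a literal */
            if (p[i + 1] != '\0') i++;
            prev = 0;
        } else if (c == '[') {              /* '{' inside [...] is a literal */
            i++;
            if (p[i] == '^') i++;
            if (p[i] == ']') i++;           /* leading ']' is a literal */
            while (p[i] != '\0' && p[i] != ']') i++;
            if (p[i] == '\0') break;        /* unterminated bracket */
            prev = 0;
        } else if (c == '{') {
            if (prev != 0) return 1;        /* interval after a repetition */
            const char *end = strchr(p + i, '}');
            if (end != NULL) { i = (size_t)(end - p); prev = 2; }
        } else {
            int rep = (c == '*' || c == '+' || c == '?');
            if (rep && prev == 2) return 1; /* repetition after an interval */
            prev = rep ? 1 : 0;
        }
    }
    return 0;
}

/* Compile an untrusted POSIX ERE only if it passes the screen.
 * Returns 0 on success, REG_BADPAT if screened out, else regcomp()'s error. */
int compile_untrusted_ere(regex_t *re, const char *pattern)
{
    if (strlen(pattern) > MAX_PATTERN_LEN || has_stacked_interval(pattern))
        return REG_BADPAT;
    return regcomp(re, pattern, REG_EXTENDED | REG_NOSUB);
}
```

A screen like this narrows what reaches regcomp(); it sits alongside the resource limiting suggested in Comment 1 and does not replace it.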
Comment 4 SpanKY gentoo-dev 2012-04-13 23:33:16 UTC
suggest closing this out as nothing to do ...
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2014-06-16 03:33:46 UTC
This has been fixed prior to glsa-201312-01
http://www.gentoo.org/security/en/glsa/glsa-201312-01.xml

Closing Resolved / Fixed.