Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArch LinuxASA-201503-4
HistoryMar 05, 2015 - 12:00 a.m.

grep: denial of service

2015-03-0500:00:00
Arch Linux
lists.archlinux.org
11

0.0004 Low

EPSS

Percentile

5.1%

JSON

The bmexec_trans function in kwset.c allows local users to cause a
denial of service (out-of-bounds heap read and crash) via crafted input
when using the -F option.

grep’s read buffer is often filled to its full size, except when reading
the final buffer of a file. In that case, the number of bytes read may
be far less than the size of the buffer. However, for certain unusual
pattern/text combinations, grep -F would mistakenly examine bytes in
that uninitialized region of memory when searching for a match. With
carefully chosen inputs, one can cause grep -F to read beyond the end of
that buffer altogether. This problem arose via commit v2.18-90-g73893ff
with the introduction of a more efficient heuristic using what is now
the memchr_kwset function. The use of that function in bmexec_trans
could leave TP much larger than EP, and the subsequent call to
bm_delta2_search would mistakenly access beyond end of the main input
read buffer.

OSVersionArchitecturePackageVersionFilename
anyanyanygrep< 2.21-2UNKNOWN

Related

nessus 13
debiancve 1
openvas 7
f5 1
ibm 4
nvd 1
centos 2
ubuntucve 1
prion 1
cvelist 1
redhat 2
cve 1
gentoo 1
oraclelinux 2
amazon 2
veracode 1
nessus
nessus
Amazon Linux AMI : grep (ALAS-2016-639)
2016-01-19 00:00:00
Scientific Linux Security Update : grep on SL7.x x86_64 (20151119)
2015-12-22 00:00:00
openSUSE Security Update : grep (openSUSE-2015-121)
2015-02-10 00:00:00
debiancve
debiancve
CVE-2015-1345
2015-02-12 16:59:03
openvas
openvas
Gentoo Security Advisory GLSA 201502-14
2015-09-29 00:00:00
Oracle: Security Advisory (ELSA-2015-2111)
2015-11-24 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-639)
2016-01-20 00:00:00
f5
f5
K42891424 : Grep vulnerability CVE-2015-1345
2017-06-29 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in GNU Grep affects PowerKVM (CVE-2015-1345)
2018-06-18 01:30:37
Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345)
2018-06-16 21:38:15
Security Bulletin: Multiple vulnerabilities in GNU grep affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1345, CVE-2012-5667)
2018-06-17 22:32:53
nvd
nvd
CVE-2015-1345
2015-02-12 16:59:03
centos
centos
grep security update
2015-11-30 19:32:57
grep security update
2015-07-26 14:11:37
ubuntucve
ubuntucve
CVE-2015-1345
2015-02-12 00:00:00
prion
prion
Out-of-bounds
2015-02-12 16:59:00
cvelist
cvelist
CVE-2015-1345
2015-02-12 16:00:00
redhat
redhat
(RHSA-2015:2111) Low: grep security and bug fix update
2015-11-19 14:39:52
(RHSA-2015:1447) Low: grep security, bug fix, and enhancement update
2015-07-22 00:00:00
cve
cve
CVE-2015-1345
2015-02-12 16:59:03
gentoo
gentoo
grep: Denial of service
2015-02-25 00:00:00
oraclelinux
oraclelinux
grep security and bug fix update
2015-11-23 00:00:00
grep security, bug fix, and enhancement update
2015-07-28 00:00:00
amazon
amazon
Low: grep
2016-01-18 11:00:00
Low: grep
2015-09-22 10:00:00
veracode
veracode
Denial Of Service (DoS) Through Heap Out-of-Bounds (OOB) Read
2019-05-02 05:41:03

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for ASA-201503-4
nessus13debiancve1openvas7f51ibm4nvd1centos2ubuntucve1prion1cvelist1redhat2cve1gentoo1oraclelinux2amazon2veracode1