CVSS2: 2.1 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.0004 Low (percentile 5.1%)

CentOS Errata and Security Advisory CESA-2015:2111

The grep utility searches through textual input for lines that contain a
match to a specified pattern and then prints the matching lines. The GNU
grep utilities include grep, egrep, and fgrep.

A heap-based buffer overflow flaw was found in the way grep processed
certain pattern and text combinations. An attacker able to trick a user
into running grep on specially crafted input could use this flaw to crash
grep or, potentially, read from uninitialized memory. (CVE-2015-1345)

This update also fixes the following bugs:

* Prior to this update, the \w and \W symbols were inconsistently matched
  to the [:alnum:] character class. Consequently, using regular expressions
  with “\w” and “\W” could lead to incorrect results. With this update, “\w”
  is consistently matched to the [[:alnum:]] character, and “\W” is
  consistently matched to the [^[:alnum:]] character. (BZ#1159012)

* Previously, the Perl Compatible Regular Expression (PCRE) matcher
  (selected by the “-P” parameter in grep) did not work correctly when
  matching non-UTF-8 text in UTF-8 locales. Consequently, an error message
  about invalid UTF-8 byte sequence characters was returned. To fix this bug,
  patches from upstream have been applied to the grep utility. As a result,
  PCRE now skips non-UTF-8 characters as non-matching text without returning
  any error message. (BZ#1217080)

All grep users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2015-November/028560.html

Affected packages:
grep

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:2111

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | grep | < 2.20-2.el7 | grep-2.20-2.el7.x86_64.rpm |
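
The "< 2.20-2.el7" rule in the table has to be evaluated with RPM's segment-wise version ordering, not a plain string comparison (as strings, "2.6.3" sorts after "2.20"). The following is an added example, not part of the advisory or of any CentOS or Red Hat tooling: it re-implements that ordering without `~` or `^` handling, and the function names and host inventory are constructed for illustration.

```python
import re

# First fixed build for CentOS 7 x86_64, taken from the affected-package table.
FIXED_EVR = "2.20-2.el7"

def rpmvercmp(a, b):
    """Compare version or release strings as RPM does (no ~ or ^ handling)."""
    # RPM ignores separators and compares maximal runs of digits or letters.
    segs_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    segs_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(segs_a, segs_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 20 > 6
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(segs_a) > len(segs_b)) - (len(segs_a) < len(segs_b))

def split_evr(evr):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return epoch or "0", version, release

def is_vulnerable(installed_evr, fixed_evr=FIXED_EVR):
    """True if the installed grep build is older than the fixed build."""
    for x, y in zip(split_evr(installed_evr), split_evr(fixed_evr)):
        c = rpmvercmp(x, y)
        if c:
            return c < 0
    return False

if __name__ == "__main__":
    # Constructed inventory; on a host the value comes from
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' grep
    inventory = {"host-a": "2.20-1.el7", "host-b": "2.20-2.el7",
                 "host-c": "2.6.3-1.el7"}
    for host, evr in sorted(inventory.items()):
        print(host, evr, "VULNERABLE" if is_vulnerable(evr) else "ok")
```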