GNU libc regcomp() stack exhaustion denial of service

2010-12-07T00:00:00
ID VU:912279
Type cert
Reporter CERT
Modified 2010-12-08T00:00:00

Description

Overview

The regcomp() function of GNU libc is susceptible to stack exhaustion which may result in a denial of service.

Description

It is possible to trigger deep recursion which results in stack exhaustion. An example trigger is: grep -E ".*{10,}{10,}{10,}{10,}{10,}"


Impact

An attacker may be able to trigger a denial of service in applications that accept regular expressions.
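As an added illustration for defenders (not code from the advisory or from glibc): an application that must compile user-supplied patterns can run regcomp() in a forked child under reduced stack, CPU and address-space limits, so that deep recursion exhausts only the child's stack and is reported back as a rejection. The helper names, enum values and limit sizes are this example's own assumptions.

```c
#include <regex.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result of a sandboxed compile attempt (names are this example's, not glibc's). */
enum safe_re { SAFE_RE_OK, SAFE_RE_SYNTAX, SAFE_RE_TIMEOUT, SAFE_RE_CRASHED, SAFE_RE_INTERNAL };

/* Set a soft+hard resource limit on the calling process; 0 leaves it unchanged. */
static void cap(int resource, rlim_t value)
{
    struct rlimit rl = { .rlim_cur = value, .rlim_max = value };
    if (value) setrlimit(resource, &rl);
}

/* Compile `pattern` in a forked child running under reduced stack, CPU and
 * address-space limits. The parent never calls regcomp() on untrusted input,
 * so recursion that exhausts the stack kills only the child. */
enum safe_re safe_regcomp_check(const char *pattern, int cflags,
                                rlim_t stack_bytes, rlim_t cpu_seconds, rlim_t mem_bytes)
{
    pid_t pid = fork();
    if (pid < 0) return SAFE_RE_INTERNAL;
    if (pid == 0) {
        cap(RLIMIT_STACK, stack_bytes);  /* stack growth past this faults -> SIGSEGV */
        cap(RLIMIT_CPU, cpu_seconds);    /* runaway compile -> SIGXCPU */
        cap(RLIMIT_AS, mem_bytes);       /* allocation failure -> REG_ESPACE */
        regex_t re;
        int rc = regcomp(&re, pattern, cflags);
        if (rc == 0) regfree(&re);
        _exit(rc == 0 ? 0 : 1);          /* exit status carries only accept/reject */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return SAFE_RE_INTERNAL;
    if (WIFEXITED(status)) return WEXITSTATUS(status) == 0 ? SAFE_RE_OK : SAFE_RE_SYNTAX;
    if (WIFSIGNALED(status)) return WTERMSIG(status) == SIGXCPU ? SAFE_RE_TIMEOUT : SAFE_RE_CRASHED;
    return SAFE_RE_INTERNAL;
}

int main(void)
{
    /* The advisory's own trigger, checked with a 256 KiB stack, 2 s of CPU and 256 MiB of address space. */
    const char *p = ".*{10,}{10,}{10,}{10,}{10,}";
    enum safe_re r = safe_regcomp_check(p, REG_EXTENDED, 256 * 1024, 2, 256u << 20);
    printf("%s -> %s\n", p, r == SAFE_RE_OK ? "accepted" : "rejected");
    return 0;
}
```

The outcome for the advisory's pattern depends on the installed glibc version; any non-OK result means the pattern never reached the application's own regcomp() call.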


Solution

We are currently unaware of a practical solution to this problem.


Vendor Information

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Debian GNU/Linux| | 22 Oct 2010| 07 Dec 2010
Gentoo Linux| | 22 Oct 2010| 07 Dec 2010
Red Hat, Inc.| | 22 Oct 2010| 07 Dec 2010
Slackware Linux Inc.| | 22 Oct 2010| 07 Dec 2010
Ubuntu| | 22 Oct 2010| 07 Dec 2010

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • None

Credit

Thanks to Maksymilian Arciemowicz for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2010-4051 CVE-2010-4052
  • Date Public: 07 Dec 2010
  • Date First Published: 07 Dec 2010
  • Date Last Updated: 08 Dec 2010
  • Severity Metric: 0.18
  • Document Revision: 13