Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201502-14
HistoryFeb 25, 2015 - 12:00 a.m.

grep: Denial of service

2015-02-2500:00:00
Gentoo Foundation
security.gentoo.org
17

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

Background

grep is the GNU regular expression matcher.

Description

A heap buffer overrun has been fixed in the bmexec_trans function in kwset.c.

Impact

A local user can cause Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All grep users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/grep-2.21-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-apps/grep< 2.21-r1UNKNOWN

Related

nessus 13
openvas 7
debiancve 1
ibm 4
nvd 1
centos 2
ubuntucve 1
prion 1
cvelist 1
redhat 2
cve 1
oraclelinux 2
f5 1
archlinux 1
amazon 2
veracode 1
nessus
nessus
Amazon Linux AMI : grep (ALAS-2016-639)
2016-01-19 00:00:00
Scientific Linux Security Update : grep on SL7.x x86_64 (20151119)
2015-12-22 00:00:00
CentOS 7 : grep (CESA-2015:2111)
2015-12-02 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-2111)
2015-11-24 00:00:00
Gentoo Security Advisory GLSA 201502-14
2015-09-29 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-639)
2016-01-20 00:00:00
debiancve
debiancve
CVE-2015-1345
2015-02-12 16:59:03
ibm
ibm
Security Bulletin: Vulnerability in GNU Grep affects PowerKVM (CVE-2015-1345)
2018-06-18 01:30:37
Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345)
2018-06-16 21:38:15
Security Bulletin: Multiple vulnerabilities in GNU grep affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1345, CVE-2012-5667)
2018-06-17 22:32:53
nvd
nvd
CVE-2015-1345
2015-02-12 16:59:03
centos
centos
grep security update
2015-11-30 19:32:57
grep security update
2015-07-26 14:11:37
ubuntucve
ubuntucve
CVE-2015-1345
2015-02-12 00:00:00
prion
prion
Out-of-bounds
2015-02-12 16:59:00
cvelist
cvelist
CVE-2015-1345
2015-02-12 16:00:00
redhat
redhat
(RHSA-2015:2111) Low: grep security and bug fix update
2015-11-19 14:39:52
(RHSA-2015:1447) Low: grep security, bug fix, and enhancement update
2015-07-22 00:00:00
cve
cve
CVE-2015-1345
2015-02-12 16:59:03
oraclelinux
oraclelinux
grep security and bug fix update
2015-11-23 00:00:00
grep security, bug fix, and enhancement update
2015-07-28 00:00:00
f5
f5
K42891424 : Grep vulnerability CVE-2015-1345
2017-06-29 00:00:00
archlinux
archlinux
grep: denial of service
2015-03-05 00:00:00
amazon
amazon
Low: grep
2016-01-18 11:00:00
Low: grep
2015-09-22 10:00:00
veracode
veracode
Denial Of Service (DoS) Through Heap Out-of-Bounds (OOB) Read
2019-05-02 05:41:03

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for GLSA-201502-14
nessus13openvas7debiancve1ibm4nvd1centos2ubuntucve1prion1cvelist1redhat2cve1oraclelinux2f51archlinux1amazon2veracode1