CVSS2: 4.4 Medium (AV:L/AC:M/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.007 Low (Percentile: 80.8%)

Multiple integer overflows in GNU Grep before 2.11 might allow
context-dependent attackers to execute arbitrary code via vectors involving
a long input line that triggers a heap-based buffer overflow.

Author | Note |
---|---|
seth-arnold | Upstream recommends upgrading to 2.11, but include fixes for two bugs introduced in 2.11, and reverting the -r change. See oss-security/2012/12/22/3 for details. Upgrading to latest release may also make sense. |
jdstrand | Reproducer for amd64 system (tested with 8G of RAM): perl -e 'print "x"x(2**31)' |