Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Grep | Gnu | * | 2.10 (including) |
| Grep | Gnu | 2.2 (including) | 2.2 (including) |
| Grep | Gnu | 2.3 (including) | 2.3 (including) |
| Grep | Gnu | 2.4 (including) | 2.4 (including) |
| Grep | Gnu | 2.4.1 (including) | 2.4.1 (including) |
| Grep | Gnu | 2.4.2 (including) | 2.4.2 (including) |
| Grep | Gnu | 2.5 (including) | 2.5 (including) |
| Grep | Gnu | 2.5.1 (including) | 2.5.1 (including) |
| Grep | Gnu | 2.5.1-a (including) | 2.5.1-a (including) |
| Grep | Gnu | 2.5.3 (including) | 2.5.3 (including) |
| Grep | Gnu | 2.5.4 (including) | 2.5.4 (including) |
| Grep | Gnu | 2.6 (including) | 2.6 (including) |
| Grep | Gnu | 2.6.1 (including) | 2.6.1 (including) |
| Grep | Gnu | 2.6.2 (including) | 2.6.2 (including) |
| Grep | Gnu | 2.6.3 (including) | 2.6.3 (including) |
| Grep | Gnu | 2.7 (including) | 2.7 (including) |
| Grep | Gnu | 2.8 (including) | 2.8 (including) |
| Grep | Gnu | 2.9 (including) | 2.9 (including) |
| Red Hat Enterprise Linux 6 | RedHat | grep-0:2.20-3.el6 | * |
| Grep | Ubuntu | hardy | * |
| Grep | Ubuntu | lucid | * |
| Grep | Ubuntu | oneiric | * |
| Grep | Ubuntu | precise | * |
| Grep | Ubuntu | precise/esm | * |
| Grep | Ubuntu | upstream | * |
References
- http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91
- http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
- http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11
- http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
- http://openwall.com/lists/oss-security/2012/12/22/6
- http://rhn.redhat.com/errata/RHSA-2015-1447.html
- http://www.securityfocus.com/bid/57033
- https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
- https://bugzilla.redhat.com/show_bug.cgi?id=889935
- http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91
- http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
- http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11
- http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
- http://openwall.com/lists/oss-security/2012/12/22/6
- http://rhn.redhat.com/errata/RHSA-2015-1447.html
- http://www.securityfocus.com/bid/57033
- https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
- https://bugzilla.redhat.com/show_bug.cgi?id=889935