The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Glibc | Gnu | * | 2.28 (excluding) |
| Eglibc | Ubuntu | precise | * |
| Eglibc | Ubuntu | precise/esm | * |
| Eglibc | Ubuntu | trusty | * |
| Eglibc | Ubuntu | trusty/esm | * |
| Eglibc | Ubuntu | upstream | * |
| Glibc | Ubuntu | artful | * |
| Glibc | Ubuntu | bionic | * |
| Glibc | Ubuntu | esm-infra/bionic | * |
| Glibc | Ubuntu | esm-infra/xenial | * |
| Glibc | Ubuntu | upstream | * |
| Glibc | Ubuntu | vivid/stable-phone-overlay | * |
| Glibc | Ubuntu | vivid/ubuntu-core | * |
| Glibc | Ubuntu | xenial | * |
| Glibc | Ubuntu | yakkety | * |
| Glibc | Ubuntu | zesty | * |
References
- http://www.openwall.com/lists/oss-security/2017/02/14/9
- http://www.securityfocus.com/bid/76916
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392
- https://security.gentoo.org/glsa/201908-06
- http://www.openwall.com/lists/oss-security/2017/02/14/9
- http://www.securityfocus.com/bid/76916
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392
- https://security.gentoo.org/glsa/201908-06