CVE-2019-9192
Published: 26 February 2019
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
Priority
Negligible
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
eglibc Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
|
|
|
glibc Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
Notes
| Author | Note |
|---|---|
| mdeslaur | upstream does not consider this to be a security issue, per https://sourceware.org/glibc/wiki/Security%20Exceptions as of 2019-07-29, no fix available This issue has been disputed, marking as not-affected |