Bug 645859 (CVE-2010-4051, CVE-2010-4052)
| Summary: | CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | fweimer, jakub, pbonzini, schwab, security-response-team, wnefal+redhatbugzilla |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-06-03 09:40:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Jan Lieskovsky
2010-10-22 17:01:05 UTC
The CVE identifier of CVE-2010-4051 has been assigned for the crash due to large values in an "{n,}" sequence issue. The CVE identifier of CVE-2010-4052 has been assigned for the stack exhaustion issue.

Full-disclosure post:
[1] http://seclists.org/fulldisclosure/2011/Jan/78

Statement:

Red Hat does not consider a crash of a client application that uses the regcomp() or regexec() routines on untrusted input, without first checking the input for sanity, to be a security issue (the described deficiency implies and is a known limitation of the glibc regular expression engine implementation). The expressions can be modified to avoid quantification nesting, or the program modified to limit the size of input passed to the regular expression engine.

We do not currently plan to fix these flaws. If more information becomes available at a future date, we may revisit these issues.

These issues affect the versions of the glibc package, as shipped with Red Hat Enterprise Linux 4, 5, and 6.

Closing as not a bug due to the conclusion in:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=645859#c6
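
One way an application could do the preliminary input check the statement describes before calling regcomp() and regexec(), shown as an added example that is not part of the bug report or of glibc. The wrapper names `checked_regcomp` and `checked_regexec` and the three limits are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <regex.h>
#include <string.h>

/* Assumed limits for this example; tune them per application. */
#define MAX_PATTERN_LEN 256
#define MAX_SUBJECT_LEN 4096
#define MAX_REPEAT      255

/* Return 1 if every number inside "{...}" is <= MAX_REPEAT, else 0.
 * Conservative: a '{' inside a bracket expression is checked too. */
static int intervals_ok(const char *p)
{
    for (; *p; p++) {
        if (*p != '{')
            continue;
        const char *q = p + 1;
        while (isdigit((unsigned char)*q) || *q == ',') {
            unsigned long n = 0;
            if (*q == ',') { q++; continue; }
            while (isdigit((unsigned char)*q)) {
                n = n * 10 + (unsigned long)(*q++ - '0');
                if (n > MAX_REPEAT)
                    return 0;   /* stop before n can overflow */
            }
        }
    }
    return 1;
}

/* Hypothetical wrapper: sanity-check the pattern, then call regcomp(). */
int checked_regcomp(regex_t *re, const char *pattern, int cflags)
{
    if (strlen(pattern) > MAX_PATTERN_LEN)
        return REG_ESPACE;      /* reused here to mean "too large" */
    if (!intervals_ok(pattern))
        return REG_BADBR;       /* repetition bound over our limit */
    return regcomp(re, pattern, cflags);
}

/* Hypothetical wrapper: cap the subject length, then call regexec(). */
int checked_regexec(const regex_t *re, const char *subject)
{
    if (strlen(subject) > MAX_SUBJECT_LEN)
        return REG_ESPACE;
    return regexec(re, subject, 0, NULL, 0);
}
```

The check covers pattern size, subject size and "{n,}" bounds only; it does not detect nested quantification, which still has to be removed from the expressions themselves.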