Bug 1183651 (CVE-2015-1345) - CVE-2015-1345 grep: heap buffer overrun
Summary: CVE-2015-1345 grep: heap buffer overrun
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-1345
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1185440 (view as bug list)
Depends On: 1183653 1194315 1194322
Blocks: 1183652 1185168 1193283 1210268
TreeView+ depends on / blocked
 
Reported: 2015-01-19 11:56 UTC by Vasyl Kaigorodov
Modified: 2021-02-17 05:47 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory.
Clone Of:
Environment:
Last Closed: 2015-11-20 05:58:41 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1447 0 normal SHIPPED_LIVE Low: grep security, bug fix, and enhancement update 2015-07-20 18:43:55 UTC
Red Hat Product Errata RHSA-2015:2111 0 normal SHIPPED_LIVE Low: grep security and bug fix update 2015-11-19 08:18:28 UTC

Description Vasyl Kaigorodov 2015-01-19 11:56:15 UTC
It was reported [1] that invoking grep with a carefully crafted combination of input and regexp can cause a segfault and/or reading from uninitialized memory.

Upstream bugreport: http://bugs.gnu.org/19563
Upstream fix: http://git.sv.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2

[1]: http://seclists.org/oss-sec/2015/q1/179

Comment 1 Vasyl Kaigorodov 2015-01-19 11:57:34 UTC
Created grep tracking bugs for this issue:

Affects: fedora-all [bug 1183653]

Comment 2 Yaakov Selkowitz 2015-01-23 18:50:22 UTC
This has been assigned CVE-2015-1345[1].

[1] http://seclists.org/oss-sec/2015/q1/221

Comment 3 Kurt Seifried 2015-01-23 20:14:47 UTC
*** Bug 1185440 has been marked as a duplicate of this bug. ***

Comment 4 Fedora Update System 2015-01-26 02:39:18 UTC
grep-2.21-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Vasyl Kaigorodov 2015-07-14 12:15:29 UTC
Statement:

This issue did not affect versions of grep as shipped in Red Hat Enterprise Linux 5.

Comment 7 errata-xmlrpc 2015-07-22 06:18:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1447 https://rhn.redhat.com/errata/RHSA-2015-1447.html

Comment 9 errata-xmlrpc 2015-11-19 06:56:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2111 https://rhn.redhat.com/errata/RHSA-2015-2111.html


Note You need to log in before you can comment on or make changes to this bug.