In the GNU C Library (aka glibc) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern. Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24269
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1684375]
Upstream does not classify this as a security flaw as per: https://sourceware.org/glibc/wiki/Security%20Exceptions "Consequently, resource exhaustion issues which can be triggered only with crafted patterns (either during compilation or execution) are not treated as security bugs. (This does not mean we do not intend to fix such issues as regular bugs if possible.) "