CVE-2015-1345 – grep: heap buffer overrun
https://notcve.org/view.php?id=CVE-2015-1345
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. The flaw is in the way grep's fixed-string (-F) matcher processes certain pattern and text combinations: an attacker able to trick a user into running grep on specially crafted input could use it to crash grep or, potentially, read from uninitialized memory. The upstream fix is the grep.git kwset.c commit listed below. To check an installed system, note that distributions frequently backport the fix without changing the reported version, so consult the package changelog or vendor errata (for example RHSA-2015-1447) rather than relying on grep --version alone.
References:
  http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19563
  http://git.savannah.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2
  http://lists.opensuse.org/opensuse-updates/2015-02/msg00037.html
  http://rhn.redhat.com/errata/RHSA-2015-1447.html
  http://www.openwall.com/lists/oss-security/2015/01/22/10
  http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
  http://www.securityfocus.com/bid/72281
  https://access.redhat.com/security/cve/CVE-2015-1345
Weaknesses: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-125 (Out-of-bounds Read)
CVE-2012-5667 – Grep < 2.11 - Integer Overflow Crash (PoC)
https://notcve.org/view.php?id=CVE-2012-5667
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. The integer overflow is in the way grep parsed large lines of data and leads to a heap-based buffer overflow: an attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. The issue is fixed in grep 2.11 (see the two grep.git commits and the v2.11 shortlog below); a proof-of-concept crash is published on Exploit-DB. As with CVE-2015-1345, distribution packages may carry the fix as a backport, so check the package changelog or vendor errata (RHSA-2015-1447 also covers this CVE) in addition to grep --version.
References:
  https://www.exploit-db.com/exploits/23779
  http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91
  http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
  http://git.sv.gnu.org/gitweb/?p=grep.git%3Ba=shortlog%3Bh=v2.11
  http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html
  http://openwall.com/lists/oss-security/2012/12/22/6
  http://rhn.redhat.com/errata/RHSA-2015-1447.html
  http://www.security (truncated)
Weaknesses: CWE-122 (Heap-based Buffer Overflow), CWE-189 (Numeric Errors)
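The bug class behind CVE-2012-5667, an integer overflow in a size computation that leaves a heap buffer smaller than the line copied into it, is easier to recognise in code than in an advisory. The following is an added illustration written for this page, not grep's source: the line-buffer layout (LINE_PAD), the function names and the 32-bit size type are all assumptions. The 32-bit size mirrors a 32-bit size_t, where a line of a few gigabytes is enough to make the wrap reachable. The vulnerable computation is shown beside its hardened form, which tests for overflow before adding rather than after.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical line-buffer code illustrating the CVE-2012-5667 bug class
 * (integer overflow in a size computation leading to an undersized heap
 * buffer).  This is not grep's source.  The 32-bit size type mirrors a
 * 32-bit size_t, where a multi-gigabyte line makes the wrap reachable.
 */

#define LINE_PAD 2u   /* assumed layout: room for a trailing '\n' and NUL */

/* Vulnerable pattern: len + LINE_PAD wraps once len > UINT32_MAX - LINE_PAD,
 * so a huge line yields a tiny allocation size (UINT32_MAX wraps to 1). */
uint32_t line_alloc_size_unsafe(uint32_t len)
{
    return len + LINE_PAD;
}

/* Hardened form: check for overflow before performing the addition. */
bool line_alloc_size_safe(uint32_t len, uint32_t *out)
{
    if (len > UINT32_MAX - LINE_PAD)
        return false;
    *out = len + LINE_PAD;
    return true;
}

/* True when the vulnerable computation would request fewer bytes than the
 * line occupies, i.e. the memcpy that follows would overrun the heap buffer.
 * Reported rather than performed, so the demonstration itself is safe. */
bool unsafe_path_undersizes(uint32_t len)
{
    return line_alloc_size_unsafe(len) < len;
}

/* Hardened size computation as a single value: 0 means "refused". */
uint32_t line_alloc_size_or_zero(uint32_t len)
{
    uint32_t need;
    return line_alloc_size_safe(len, &need) ? need : 0;
}

/* Copy a line into a fresh heap buffer sized by the hardened check.
 * Returns NULL instead of allocating an undersized buffer when the size
 * would wrap or malloc fails.  The caller frees the result. */
char *copy_line_checked(const char *line, uint32_t len)
{
    uint32_t need;
    if (!line_alloc_size_safe(len, &need))
        return NULL;
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, line, len);
    buf[len] = '\n';
    buf[len + 1] = '\0';
    return buf;
}

/* Round-trip helper: copies a NUL-terminated line, verifies the stored
 * bytes and the assumed trailer, then frees the buffer. */
bool copy_line_roundtrip_ok(const char *line)
{
    uint32_t len = (uint32_t)strlen(line);
    char *buf = copy_line_checked(line, len);
    if (buf == NULL)
        return false;
    bool ok = memcmp(buf, line, len) == 0 && buf[len] == '\n' && buf[len + 1] == '\0';
    free(buf);
    return ok;
}

int main(void)
{
    /* Constructed input: a claimed line length at the top of the 32-bit range. */
    uint32_t huge = UINT32_MAX;
    printf("unsafe size for %" PRIu32 " bytes: %" PRIu32 " (undersized: %s)\n",
           huge, line_alloc_size_unsafe(huge),
           unsafe_path_undersizes(huge) ? "yes" : "no");
    printf("safe size for %" PRIu32 " bytes: %" PRIu32 " (0 = refused)\n",
           huge, line_alloc_size_or_zero(huge));
    printf("normal line round trip: %s\n",
           copy_line_roundtrip_ok("hello, world") ? "ok" : "failed");
    return 0;
}
```

The same check generalises to any size arithmetic before an allocation (sum, product, or growth-by-doubling): compare against the type's maximum before the operation, and make the refusal path return an error rather than a wrapped size that malloc will happily honour.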