Re: Report 3 bugs discoverd in gawk involving gnulib

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Report 3 bugs discoverd in gawk involving gnulib

From:	Paul Eggert
Subject:	Re: Report 3 bugs discoverd in gawk involving gnulib
Date:	Wed, 3 Aug 2022 09:06:58 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0

On 8/3/22 02:38, YU Jiongchi wrote:

Greetings, I have found 3 different stack overflow vulnerabilities in gawk. The 
developer mentioned that these bugs come from the gnulibs. The bugs report and 
POC files are attached in the attachment. Please feel free to contact me.

Yes, this sort of problem is well-known. On most platforms these daysthe stack overflow is detected and the program aborted. On the remainingplatforms the answer is "Don't do that", i.e., don't give potentialattackers control of regular expressions that might cause excessivestack growth.

[Prev in Thread]

Current Thread

[Next in Thread]

Report 3 bugs discoverd in gawk involving gnulib, YU Jiongchi, 2022/08/03
- Re: Report 3 bugs discoverd in gawk involving gnulib, Paul Eggert <=
  - Re: Report 3 bugs discoverd in gawk involving gnulib, Bruno Haible, 2022/08/03

Prev by Date: Report 3 bugs discoverd in gawk involving gnulib
Next by Date: Re: Report 3 bugs discoverd in gawk involving gnulib
Previous by thread: Report 3 bugs discoverd in gawk involving gnulib
Next by thread: Re: Report 3 bugs discoverd in gawk involving gnulib
Index(es):
- Date
- Thread