GNU C Library "regcomp()" Stack Overflow Denial of Service
Release Date: 2010-12-08
Criticality level: Not critical
Where: From remote
Solution Status: Unpatched
Software: GNU C Library (glibc) 2.x
A vulnerability has been discovered in the GNU C Library, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by a stack overflow in the implementation of the "regcomp()" function when processing certain regular expressions. This can be exploited to crash an application that calls the function on specially crafted regular expressions.
The vulnerability is confirmed in version 2.12.1. Other versions may also be affected.
Do not use the "regcomp()" function on untrusted input.
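Where an application cannot avoid accepting patterns from untrusted sources, one way to contain the crash described above is to test-compile each pattern in a short-lived child process first. This is an added example, not part of the original advisory or of glibc; the names vet_pattern and vet_result, the length cap and the 2-second CPU limit are assumptions chosen for illustration.

```c
#include <errno.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum vet_result { VET_OK, VET_INVALID, VET_KILLED, VET_ERROR };

/* Test-compile `pattern` in a throwaway child process, so that a crash or
 * runaway inside regcomp() terminates the child and not the caller. */
enum vet_result vet_pattern(const char *pattern, size_t max_len)
{
    if (pattern == NULL || strlen(pattern) > max_len)
        return VET_INVALID;              /* reject oversized input up front */

    pid_t pid = fork();
    if (pid < 0)
        return VET_ERROR;
    if (pid == 0) {                      /* child: the only place regcomp() runs */
        struct rlimit cpu = { 2, 2 };    /* assumed CPU budget, in seconds */
        regex_t re;
        setrlimit(RLIMIT_CPU, &cpu);
        int rc = regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB);
        if (rc == 0)
            regfree(&re);
        _exit(rc == 0 ? 0 : 1);          /* 0 = compiled, 1 = syntax error */
    }

    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return VET_ERROR;
    if (WIFSIGNALED(status))
        return VET_KILLED;               /* e.g. SIGSEGV or SIGXCPU in the child */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return VET_OK;                   /* caller may now compile it in-process */
    return VET_INVALID;
}

int main(int argc, char **argv)
{
    /* Constructed sample pattern, used when no argument is given. */
    const char *p = argc > 1 ? argv[1] : "^[a-z]+@[a-z]+$";
    printf("%d\n", vet_pattern(p, 256));
    return 0;
}
```

In a multithreaded program, run the check from a separate helper executable instead, since a forked child of a threaded process should call only async-signal-safe functions and regcomp() allocates memory.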
Provided and/or discovered by:
US-CERT credits Maksymilian Arciemowicz.