CVE-2015-1345

Published: 12 February 2015

The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.

Notes

Author	Note
mdeslaur	introduced in v2.18-90-g73893ff

Priority

Status

Package	Release	Status
grep Launchpad, Ubuntu, Debian	lucid	Not vulnerable (2.5.4-4build1)
	precise	Not vulnerable (2.10-1)
	trusty	Not vulnerable (2.16-1)
	upstream	Released (2.20-4.1)
	wily	Not vulnerable (2.21-2)
	xenial	Not vulnerable (2.24-1)
	Patches: upstream: http://git.savannah.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2

References

https://www.cve.org/CVERecord?id=CVE-2015-1345
NVD
Launchpad
Debian

Bugs

http://bugs.gnu.org/19563
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776039

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›