Candidate: CVE-2015-8985
PublicDate: 2017-03-20 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985
Description:
 The pop_fail_stack function in the GNU C Library (aka glibc or libc6)
 allows context-dependent attackers to cause a denial of service (assertion
 failure and application crash) via vectors related to extended regular
 expression processing.
Ubuntu-Description:
Notes:
 sbeattie> PoC testcase in upstream bug report
 sbeattie> fix commit possibly introduced regression addressed by bc680b336971305cb39896b30d72dc7101b62242
Bugs:
 https://sourceware.org/bugzilla/show_bug.cgi?id=21163
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H [5.9 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H [5.9 MEDIUM]

Patches_eglibc:
upstream_eglibc: needed
precise_eglibc: ignored (reached end-of-life)
precise/esm_eglibc: ignored (end of ESM support, was needs-triage)
trusty_eglibc: ignored (reached end-of-life)
trusty/esm_eglibc: needs-triage
vivid/ubuntu-core_eglibc: DNE
vivid/stable-phone-overlay_eglibc: DNE
xenial_eglibc: DNE
yakkety_eglibc: DNE
zesty_eglibc: DNE
artful_eglibc: DNE
bionic_eglibc: DNE
cosmic_eglibc: DNE
disco_eglibc: DNE
eoan_eglibc: DNE
focal_eglibc: DNE
groovy_eglibc: DNE
hirsute_eglibc: DNE
impish_eglibc: DNE
jammy_eglibc: DNE
devel_eglibc: DNE

Patches_glibc:
 upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672
upstream_glibc: released (2.28)
precise_glibc: DNE
precise/esm_glibc: DNE
trusty_glibc: DNE
trusty/esm_glibc: DNE
vivid/ubuntu-core_glibc: ignored (reached end-of-life)
vivid/stable-phone-overlay_glibc: ignored (reached end-of-life)
xenial_glibc: ignored (end of standard support, was needed)
esm-infra/xenial_glibc: needed
yakkety_glibc: ignored (reached end-of-life)
zesty_glibc: ignored (reached end-of-life)
artful_glibc: ignored (reached end-of-life)
bionic_glibc: needed
cosmic_glibc: not-affected (2.28-0ubuntu1)
disco_glibc: not-affected (2.28-0ubuntu1)
eoan_glibc: not-affected (2.28-0ubuntu1)
focal_glibc: not-affected (2.28-0ubuntu1)
groovy_glibc: not-affected (2.28-0ubuntu1)
hirsute_glibc: not-affected (2.28-0ubuntu1)
impish_glibc: not-affected (2.28-0ubuntu1)
jammy_glibc: not-affected (2.28-0ubuntu1)
devel_glibc: not-affected (2.28-0ubuntu1)