[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Report 3 bugs discoverd in gawk involving gnulib

From: Paul Eggert
Subject: Re: Report 3 bugs discoverd in gawk involving gnulib
Date: Wed, 3 Aug 2022 09:06:58 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0

On 8/3/22 02:38, YU Jiongchi wrote:
Greetings, I have found 3 different stack overflow vulnerabilities in gawk. The 
developer mentioned that these bugs come from the gnulibs. The bugs report and 
POC files are attached in the attachment. Please feel free to contact me.

Yes, this sort of problem is well-known. On most platforms these days the stack overflow is detected and the program aborted. On the remaining platforms the answer is "Don't do that", i.e., don't give potential attackers control of regular expressions that might cause excessive stack growth.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]