Issue created May 05, 2020 by Emily@emily🤖

user/re2c: CVE-2018-21232: find_fixed_tags infinite recursion

Bugzilla ID 281
Alias(es) CVE-2018-21232
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2020-05-04 23:21:07 -0500
Modified 2020-06-22 06:09:48 -0500
Status CONFIRMED
Version 1.0-RC1
Hardware Adélie Linux / All
Importance --- / minor
Package(s) user/re2c
URL https://nvd.nist.gov/vuln/detail/CVE-2018-21232

Description

CVE-2018-21232: https://nvd.nist.gov/vuln/detail/CVE-2018-21232

re2c before 2.0 has uncontrolled recursion that causes stack
consumption in find_fixed_tags.

See also:
https://www.openwall.com/lists/oss-security/2020/04/27/2
https://github.com/skvadrik/re2c/issues/219

There are several patches for this but upstream doesn't seem to consider it fixed yet, and since it's minor we'll sit on it for now.

Edited Nov 04, 2021 by Zach van Rijn