user/re2c: CVE-2018-21232: find_fixed_tags infinite recursion
Bugzilla ID | 281 |
Alias(es) | CVE-2018-21232 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-05-04 23:21:07 -0500 |
Modified | 2020-06-22 06:09:48 -0500 |
Status | CONFIRMED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / minor |
Package(s) | user/re2c |
URL | https://nvd.nist.gov/vuln/detail/CVE-2018-21232 |
Description
CVE-2018-21232: https://nvd.nist.gov/vuln/detail/CVE-2018-21232
re2c before 2.0 has uncontrolled recursion that causes stack
consumption in find_fixed_tags.
See also:
https://www.openwall.com/lists/oss-security/2020/04/27/2
https://github.com/skvadrik/re2c/issues/219
There are several patches for this, but upstream doesn't seem to consider it fixed yet, and since it's minor we'll sit on it for now.