CVE-2018-21232: user/re2c: find_fixed_tags infinite recursion
| Bugzilla ID | 281 |
| Alias(es) | CVE-2018-21232 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-04 23:21:07 -0500 |
| Modified | 2020-06-22 06:09:48 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | user/re2c |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-21232 |
Description
CVE-2018-21232: https://nvd.nist.gov/vuln/detail/CVE-2018-21232
re2c before 2.0 has uncontrolled recursion that causes stack
consumption in find_fixed_tags.
See also:
https://www.openwall.com/lists/oss-security/2020/04/27/2
https://github.com/skvadrik/re2c/issues/219
There are several patches for this but upstream doesn't seem to consider it fixed yet, and since it's minor we'll sit on it for now.