Note:
This project will be discontinued after December 13, 2021. [more]
2017-02-17
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
Products | Fedora, Ed |
Type | Use After Free (CWE-416) |
First patch | - None (likely due to unavailable code) |
Links |
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/
• https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html • http://www.openwall.com/lists/oss-security/2017/01/12/7 • http://www.securityfocus.com/bid/95422 • http://www.openwall.com/lists/oss-security/2017/01/13/3 |