First Last Prev Next    This bug is not in your last search results.
Bug 1044858 - (CVE-2017-9729) VUL-1: CVE-2017-9729: uClibc: Stack exhaustion (uncontrolled recursion) in thecheck_dst_limits_calc_pos_1
(CVE-2017-9729)
VUL-1: CVE-2017-9729: uClibc: Stack exhaustion (uncontrolled recursion) in th...
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.2
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/187012/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-19 06:57 UTC by Johannes Segitz
Modified: 2017-08-03 10:01 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-06-19 06:57:27 UTC 
CVE-2017-9729

In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the
check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a
crafted regular expression.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9729
http://www.cvedetails.com/cve/CVE-2017-9729/
Comment 1 Ismail Dönmez 2017-08-02 10:56:56 UTC 
I am not the maintainer and this package should be dropped from 42.2, already removed from TW.
Comment 2 Bernhard Wiedemann 2017-08-02 14:01:47 UTC 
This is an autogenerated message for OBS integration:
This bug (1044858) was mentioned in
https://build.opensuse.org/request/show/514039 42.3 / lifecycle-data
Comment 3 Bernhard Wiedemann 2017-08-03 08:00:22 UTC 
This is an autogenerated message for OBS integration:
This bug (1044858) was mentioned in
https://build.opensuse.org/request/show/514155 42.3 / lifecycle-data
Comment 4 Andreas Stieger 2017-08-03 08:45:50 UTC 
No maintainer, deprecated upstream.
Marked as deprecated in 42.3 lifecycle data.
Comment 5 Bernhard Wiedemann 2017-08-03 10:01:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1044858) was mentioned in
https://build.opensuse.org/request/show/514160 42.3 / lifecycle-data
First Last Prev Next    This bug is not in your last search results.