CVE Catalog

CVE-2018-20796

Low
Published: Translated: NVD NIST

Summary

In the GNU C Library (glibc) through version 2.29, there is uncontrolled recursion in the check_dst_limits_calc_pos_1 function in posix/regexec.c, which may lead to performance issues or application crashes.

Risk Assessment

Organizations may be vulnerable to DoS (Denial of Service) attacks due to uncontrolled recursion, potentially leading to service unavailability.

Recommendation

It is recommended to update the glibc library to the latest version to mitigate this vulnerability.

Original NVD description (English source)

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS