{"vuid":"VU#912279","idnumber":"912279","name":"GNU libc regcomp() stack exhaustion denial of service","keywords":["GNU","libc","regcomp3","Extended Regular Expression","Stack Overflow"],"overview":"The regcomp() function of GNU libc is susceptible to stack exhaustion which may result in a denial of service.","clean_desc":"It is possible to trigger deep recursion which results in stack exhaustion. An example trigger is:  grep -E \".*{10,}{10,}{10,}{10,}{10,}\"","impact":"An attacker may be able to trigger a denial of service in applications that accept regular expressions.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"Thanks to Maksymilian Arciemowicz for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":[],"cveids":["CVE-2010-4051","CVE-2010-4052"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-10-20T18:24:25Z","publicdate":"2010-12-07T00:00:00Z","datefirstpublished":"2010-12-07T18:22:52Z","dateupdated":"2010-12-08T20:06:46Z","revision":13,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"5","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"4","cam_impact":"3","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"0.18","cam_scorecurrentwidelyknown":"0.5175","cam_scorecurrentwidelyknownexploited":"0.9675","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.18,"vulnote":null}