CVE-2018-20796
PUBLISHED
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Risk Scores
EPSS Score: 1.31% (80.1th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | glibc | 2.23-0ubuntu11.3+esm8, 2.23-0ubuntu6, 2.23-0ubuntu9 |
| Ubuntu:Pro:20.04:LTS | glibc | 2.31-0ubuntu9.2, 2.31-0ubuntu9.3, 2.31-0ubuntu9.7 |
| Ubuntu:Pro:18.04:LTS | glibc | 2.27-3ubuntu1.6+esm2, 2.26-0ubuntu2, 2.27-0ubuntu2 |
| Ubuntu:Pro:14.04:LTS | eglibc | 2.19-0ubuntu6.1, 2.17-93ubuntu4, 2.18-0ubuntu6 |
Exploit Intelligence
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141 (nist-nvd)
- https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html (nist-nvd)
- https://security.netapp.com/advisory/ntap-20190315-0002/ (circl)
- 107160 (circl)
- https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS (circl)
- summary.html (github-poc)
…and 21 more exploits
Timeline
- Feb 26, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-20796 third-party-advisory
- https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-20796 third-party-advisory