CVE-2015-1345

Published: Feb 12, 2015Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.

Affected (4)

Products: Gnu: Grep · Opensuse: Opensuse

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gnu Grep	Version 2.19
Gnu Grep	Version 2.20
Gnu Grep	Version 2.21

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.2

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (14)

http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19563

Source: cve@mitre.org

Exploit

http://git.savannah.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-02/msg00037.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-1447.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/01/22/10

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/72281

Source: cve@mitre.org

http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19563