← Back to team overview

touch-packages team mailing list archive

[Bug 1526548] [NEW] grep 2.22 infinite loop

 

*** This bug is a security vulnerability ***

Public security bug reported:

Christian Boltz discovered that grep 2.22 can be sent into an infinite
loop. 2.21 does not have this issue. The reproducer we have available so
far:

grep -obUa -P '\x04\x08\x00profile\x00\x07' /etc/apparmor.d/cache/*

Probably one of the files in that directory will report infinite output
in the style of:

# grep -obUa -P '\x04\x08\x00profile\x00\x07' cache--usr.sbin.smbldap-useradd  
16profile
27801profile
27801profile
27801profile
27801profile
27801profile
...

Thanks

** Affects: grep (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to grep in Ubuntu.
https://bugs.launchpad.net/bugs/1526548

Title:
  grep 2.22 infinite loop

Status in grep package in Ubuntu:
  New

Bug description:
  Christian Boltz discovered that grep 2.22 can be sent into an infinite
  loop. 2.21 does not have this issue. The reproducer we have available
  so far:

  grep -obUa -P '\x04\x08\x00profile\x00\x07' /etc/apparmor.d/cache/*

  Probably one of the files in that directory will report infinite
  output in the style of:

  # grep -obUa -P '\x04\x08\x00profile\x00\x07' cache--usr.sbin.smbldap-useradd  
  16profile
  27801profile
  27801profile
  27801profile
  27801profile
  27801profile
  ...

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1526548/+subscriptions


Follow ups