The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
http://seclists.org/oss-sec/2017/q4/119 https://sourceware.org/bugzilla/show_bug.cgi?id=22325 https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f1cf98b583787cfb6278baea46e286a0ee7567fd https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=6803dda53781f7da920f568a31610d41e5c3a351