Published: 20/03/2017 Updated: 31/03/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 385

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent malicious users to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc

Debian Bug report logs - #779392 glibc: CVE-2015-8985: potential denial of service in pop_fail_stack() Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Source for libc6 is src:glibc (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debianorg> Date: Sat, 28 Feb 2015 00: ...

In the GNU C Library (aka glibc or libc6) before 228, parse_reg_exp in posix/regcompc misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match (CVE-2009-5155) The pop_fail_stack function in the GNU C Library (aka gl ...

The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing ...

CWE-19 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392 http://www.securityfocus.com/bid/76916 http://www.openwall.com/lists/oss-security/2017/02/14/9 https://security.gentoo.org/glsa/201908-06 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2022-1869.html

CVE-2015-8985

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect