Chet Ramey wrote in <bbfbaa44-8d6f-cbe3-d0cf-1feeb5685...@case.edu>: |On 3/30/22 11:16 AM, willi1337 bald wrote: |> Bash Version: 5.1 |> Patch Level: 16 |> Release Status: release |> |> Description: |> |> A deeply nested and incorrect regex expression can cause exhaustion of |> stack resources, which crashes the bash process. | |Bash doesn't use it's own regexp engine; it uses whatever POSIX regexp |functions are provided by the C library (regcomp/regexec/regfree/regerror).
Once there was that ???FTP CVE regarding recursion, what they did was simply counting *'s in the expression string, and restricting it to three occasions per expression. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)