bug#66835: Heap buffer overread in expr in regexec.c in the check_arrival_add_next_nodes function.

Tue, 07 Nov 2023 16:38:44 -0800

Thanks. This is a bug in the glibc regular expression matcher. It's part of a well known series of bugs. See, for example: 

https://sourceware.org/bugzilla/show_bug.cgi?id=12896
https://sourceware.org/bugzilla/show_bug.cgi?id=17356
It's not of much practical concern since the attacker should not have control of B in invocations like 'expr "$A" : "$B"'.

Reply via email to