The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-02-12
Updated
2018-10-30
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
Max CVSS
4.4
EPSS Score
0.73%
Published
2013-01-03
Updated
2016-12-24
2 vulnerabilities found