CVE-2017-15671 - log back

CVE-2017-15671 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
References
+ http://seclists.org/oss-sec/2017/q4/119
+ https://sourceware.org/bugzilla/show_bug.cgi?id=22325
+ https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f1cf98b583787cfb6278baea46e286a0ee7567fd
+ https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=6803dda53781f7da920f568a31610d41e5c3a351
Notes