CVE-2017-5357

CWE-416Use After Free7 documents6 sources
Severity
7.5HIGH
EPSS
1.0%
top 22.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU EDFedoraproject Fedora
Timeline
PublishedFeb 17
Latest updateMay 17

Description

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDgnu/ed1.14

Also affects: Fedora 25

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-3vq6-cwx3-x994: regex2022-05-17
CVEList
CVE-2017-5357: regex2017-02-16

📋Vendor Advisories

2
Red Hat
ed: Invalid free in regex.c2017-01-12
Debian
CVE-2017-5357: ed - regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (c...2017

💬Community

2
Bugzilla
CVE-2017-5357 ed: Invalid free in regex.c2017-01-17
Bugzilla
CVE-2017-5357 ed: Invalid free in regex.c [fedora-all]2017-01-17
CVE-2017-5357 (HIGH CVSS 7.5) | regex.c in GNU ed before 1.14.1 all | cvebase.io