CVE-2017-9728

Name of the Vulnerable Software and Affected Versions uClibc version 0.9.33.2

Description The issue is related to the get subexp function in the misc/regex/regexec.c file of the uClibc library, which is associated with regular expression processing. Exploitation of this issue may allow a remote attacker to perform an out-of-bounds memory read using a specially crafted regular expression.

Recommendations For uClibc version 0.9.33.2, consider restricting the use of the get subexp function in misc/regex/regexec.c until a patch is available. As a temporary workaround, avoid using crafted regular expressions that may trigger the out-of-bounds read in the get subexp function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.