Benjin Liu

**Name of the Vulnerable Software and Affected Versions** uClibc version 0.9.33.2 **Description** The issue is related to stack exhaustion due to uncontrolled recursion in the `check dst limits calc pos 1` function, located in `misc/regex/regexec.c`, when the software processes a crafted regular expression. **Recommendations** For uClibc version 0.9.33.2, consider avoiding the use of crafted regular expressions until a patch is available. As a temporary workaround, restrict the use of the `check dst limits calc pos 1` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** uClibc version 0.9.33.2 **Description** The issue is related to the `get subexp` function in the `misc/regex/regexec.c` file of the uClibc library, which is associated with regular expression processing. Exploitation of this issue may allow a remote attacker to perform an out-of-bounds memory read using a specially crafted regular expression. **Recommendations** For uClibc version 0.9.33.2, consider restricting the use of the `get subexp` function in `misc/regex/regexec.c` until a patch is available. As a temporary workaround, avoid using crafted regular expressions that may trigger the out-of-bounds read in the `get subexp` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.