On 8/3/22 02:38, YU Jiongchi wrote:
Greetings, I have found 3 different stack overflow vulnerabilities in gawk. The 
developer mentioned that these bugs come from gnulib. The bug report and 
POC files are attached in the attachment. Please feel free to contact me.

Yes, this sort of problem is well-known. On most platforms these days the stack overflow is detected and the program aborted. On the remaining platforms the answer is "Don't do that", i.e., don't give potential attackers control of regular expressions that might cause excessive stack growth.
