On 5/13/25 7:14 PM, Александр Ушаков wrote:
Dear Bash maintainers,
I recently reported a NULL-pointer dereference issues (leading to a
segmentation fault) in Bash 5.2. Thank you for confirming the bug and
worked on a fix.
Could you clarify whether a CVE will be assigned for this vulnerabili
On Wed, 14 May 2025, 11:14 Александр Ушаков, wrote:
> For reference, I believe this qualifies for a CVE because:
> * It is a reproducible crash (DoS) in a security-sensitive component
> (command interpreter).
>
By this logic, there should be a CVE for gcc because when you give it « int
main (){
Dear Bash maintainers,
I recently reported a NULL-pointer dereference issues (leading to a
segmentation fault) in Bash 5.2. Thank you for confirming the bug and worked on
a fix.
Could you clarify whether a CVE will be assigned for this vulnerability? If so,
would you like me to request one th
On 5/1/25 11:30 AM, Grisha Levit wrote:
After fix pushed today, can be simplified to:
./bash -n <<< 'f["$$(] f["$$(y=("("]'
ERROR: AddressSanitizer: SEGV on unknown address 0x
I'll push a fix before I leave for vacation Sunday.
--
``The lyf so short, the craft so long
On Fri, Apr 25, 2025, 16:30 Александр Ушаков wrote:
> I encountered an issue in Bash and would like to report it. crash3.txt is
> attached to the email. So this problem also appers after require my fix in my
> previous letter (SourceAv in rewind_input_string when trying to compare with
> rvalue
