On 5/13/25 7:14 PM, Александр Ушаков wrote:
Dear Bash maintainers,
I recently reported a NULL-pointer dereference issues (leading to a
segmentation fault) in Bash 5.2. Thank you for confirming the bug and
worked on a fix.
Could you clarify whether a CVE will be assigned for this vulnerabili
On Wed, 14 May 2025, 11:14 Александр Ушаков, wrote:
> For reference, I believe this qualifies for a CVE because:
> * It is a reproducible crash (DoS) in a security-sensitive component
> (command interpreter).
>
By this logic, there should be a CVE for gcc because when you give it « int
main (){
Dear Bash maintainers,
I recently reported a NULL-pointer dereference issues (leading to a
segmentation fault) in Bash 5.2. Thank you for confirming the bug and worked on
a fix.
Could you clarify whether a CVE will be assigned for this vulnerability? If so,
would you like me to request one th
On 5/1/25 11:30 AM, Grisha Levit wrote:
After fix pushed today, can be simplified to:
./bash -n <<< 'f["$$(] f["$$(y=("("]'
ERROR: AddressSanitizer: SEGV on unknown address 0x
I'll push a fix before I leave for vacation Sunday.
--
``The lyf so short, the craft so long
On Fri, Apr 25, 2025, 16:30 Александр Ушаков wrote:
> I encountered an issue in Bash and would like to report it. crash3.txt is
> attached to the email. So this problem also appers after require my fix in my
> previous letter (SourceAv in rewind_input_string when trying to compare with
> rvalue
Dear Bash Maintainers,
I encountered an issue in Bash and would like to report it. crash3.txt is
attached to the email. So this problem also appers after require my fix in my
previous letter (SourceAv in rewind_input_string when trying to compare with
rvalue). But I found other input data (cras
