grepgrep-2.21: 1 vulnerabilities (highest severity is: 4.0)

[mend-for-github-com]

Vulnerable Library - grepgrep-2.21

Gnu Distributions

Library home page: https://ftp.gnu.org/gnu/grep?wsslib=grep

Found in HEAD commit: c44e79751a9606bd11bd1704dee2684af7e4570b

Vulnerable Source Files (1)

/vendor/grep-2.21/src/kwset.c

Vulnerabilities

CVE	Severity	CVSS	Exploit Maturity	EPSS	Dependency	Type	Fixed in (grepgrep version)	Remediation Possible**	Reachability
CVE-2015-1345	Medium	4.0	Not Defined	0.0%	grepgrep-2.21	Direct	2.22	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2015-1345

Vulnerable Library - grepgrep-2.21

Gnu Distributions

Library home page: https://ftp.gnu.org/gnu/grep?wsslib=grep

Found in HEAD commit: c44e79751a9606bd11bd1704dee2684af7e4570b

Found in base branch: main

Vulnerable Source Files (1)

/vendor/grep-2.21/src/kwset.c

Vulnerability Details

The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.

Publish Date: 2015-02-12

URL: CVE-2015-1345

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (4.0)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-1345

Release Date: 2015-02-12

Fix Resolution: 2.22