{"id":"DEBIAN-CVE-2018-20796","details":"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.","modified":"2026-04-28T20:21:00.987785Z","published":"2019-02-26T02:29:00.450Z","upstream":["CVE-2018-20796"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2018-20796"}],"affected":[{"package":{"name":"glibc","ecosystem":"Debian:11","purl":"pkg:deb/debian/glibc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.31-13","2.31-13+deb11u1","2.31-13+deb11u10","2.31-13+deb11u11","2.31-13+deb11u12","2.31-13+deb11u13","2.31-13+deb11u2","2.31-13+deb11u3","2.31-13+deb11u4","2.31-13+deb11u5","2.31-13+deb11u6","2.31-13+deb11u7","2.31-13+deb11u8","2.31-13+deb11u9","2.31-13+hurd.1","2.31-13+hurd.2","2.31-13+hurd.3","2.31-13+qemu","2.31-14","2.31-15","2.31-16","2.31-17","2.31-17~0","2.31-18~0","2.32-0experimental0","2.32-0experimental1","2.32-1","2.32-2","2.32-2+qemu","2.32-3","2.32-4","2.32-5","2.33-0experimental0","2.33-0experimental1","2.33-0experimental2","2.33-0experimental3","2.33-1","2.33-1+qemu","2.33-2","2.33-2+qemu","2.33-2+qemu1","2.33-2~0","2.33-2~1","2.33-2~2","2.33-2~3","2.33-3","2.33-3~0","2.33-4","2.33-5","2.33-6","2.33-7","2.33-8","2.33-8~0","2.34-0experimental0","2.34-0experimental1","2.34-0experimental2","2.34-0experimental3","2.34-0experimental4","2.34-0experimental5","2.34-1","2.34-2","2.34-3","2.34-4","2.34-5","2.34-5~0","2.34-6","2.34-7","2.34-7+qemu","2.34-8","2.34-8~0","2.34-9~0","2.35-0experimental0","2.35-0experimental1","2.35-0experimental2","2.35-0experimental3","2.35-0experimental3+qemu","2.35-1","2.35-1+sparc64","2.35-2","2.35-3","2.35-4","2.36-1","2.36-10~0","2.36-2","2.36-3","2.36-4","2.36-4+ports","2.36-5","2.36-6","2.36-7","2.36-7~0","2.36-7~1","2.36-8","2.36-8+alpha1","2.36-9","2.36-9+loong64","2.36-9~1","2.36-9~2","2.36-9~3","2.37-1","2.37-10","2.37-11","2.37-12","2.37-13","2.37-14","2.37-15","2.37-15.1","2.37-15.1+sh4","2.37-15~deb13u1","2.37-16","2.37-17","2.37-18","2.37-19","2.37-2","2.37-3","2.37-4","2.37-5","2.37-6","2.37-7","2.37-8","2.37-9","2.38-1","2.38-10","2.38-11","2.38-12","2.38-12.1","2.38-13","2.38-14","2.38-15~0","2.38-15~1","2.38-2","2.38-3","2.38-4","2.38-5","2.38-6","2.38-7","2.38-7~0+hurd.1","2.38-8","2.38-9","2.39-1","2.39-2","2.39-3","2.39-3.1","2.39-4","2.39-5","2.39-6","2.39-6+hurd.1","2.39-6+sh4","2.39-7","2.39-7+sh4","2.39-7~0","2.39-8~0","2.40-1","2.40-2","2.40-2+sh4","2.40-3","2.40-3+sh4","2.40-4","2.40-5","2.40-5~hurd.1","2.40-6","2.40-6~1","2.40-7","2.41-1","2.41-10","2.41-11","2.41-12","2.41-13~hurd.0","2.41-13~hurd.1","2.41-2","2.41-3","2.41-4","2.41-4~0","2.41-5","2.41-5~0","2.41-6","2.41-7","2.41-8","2.41-8~0","2.41-8~1","2.41-9","2.41-9~0","2.41-9~1","2.42-1","2.42-10","2.42-11","2.42-12","2.42-12~hurd.1","2.42-13","2.42-14","2.42-14~hurd.1","2.42-15","2.42-15~hurd.1","2.42-2","2.42-3","2.42-4","2.42-5","2.42-6","2.42-7","2.42-8","2.42-8~hurd.1","2.42-8~hurd.2","2.42-9","2.43-1","2.43-2"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2018-20796.json"}},{"package":{"name":"glibc","ecosystem":"Debian:12","purl":"pkg:deb/debian/glibc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.36-10~0","2.36-9","2.36-9+deb12u1","2.36-9+deb12u10","2.36-9+deb12u11","2.36-9+deb12u12","2.36-9+deb12u13","2.36-9+deb12u2","2.36-9+deb12u3","2.36-9+deb12u4","2.36-9+deb12u5","2.36-9+deb12u6","2.36-9+deb12u7","2.36-9+deb12u8","2.36-9+deb12u9","2.36-9+loong64","2.37-1","2.37-10","2.37-11","2.37-12","2.37-13","2.37-14","2.37-15","2.37-15.1","2.37-15.1+sh4","2.37-15~deb13u1","2.37-16","2.37-17","2.37-18","2.37-19","2.37-2","2.37-3","2.37-4","2.37-5","2.37-6","2.37-7","2.37-8","2.37-9","2.38-1","2.38-10","2.38-11","2.38-12","2.38-12.1","2.38-13","2.38-14","2.38-15~0","2.38-15~1","2.38-2","2.38-3","2.38-4","2.38-5","2.38-6","2.38-7","2.38-7~0+hurd.1","2.38-8","2.38-9","2.39-1","2.39-2","2.39-3","2.39-3.1","2.39-4","2.39-5","2.39-6","2.39-6+hurd.1","2.39-6+sh4","2.39-7","2.39-7+sh4","2.39-7~0","2.39-8~0","2.40-1","2.40-2","2.40-2+sh4","2.40-3","2.40-3+sh4","2.40-4","2.40-5","2.40-5~hurd.1","2.40-6","2.40-6~1","2.40-7","2.41-1","2.41-10","2.41-11","2.41-12","2.41-13~hurd.0","2.41-13~hurd.1","2.41-2","2.41-3","2.41-4","2.41-4~0","2.41-5","2.41-5~0","2.41-6","2.41-7","2.41-8","2.41-8~0","2.41-8~1","2.41-9","2.41-9~0","2.41-9~1","2.42-1","2.42-10","2.42-11","2.42-12","2.42-12~hurd.1","2.42-13","2.42-14","2.42-14~hurd.1","2.42-15","2.42-15~hurd.1","2.42-2","2.42-3","2.42-4","2.42-5","2.42-6","2.42-7","2.42-8","2.42-8~hurd.1","2.42-8~hurd.2","2.42-9","2.43-1","2.43-2"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2018-20796.json"}},{"package":{"name":"glibc","ecosystem":"Debian:13","purl":"pkg:deb/debian/glibc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.41-12","2.41-12+deb13u1","2.41-12+deb13u2","2.41-13~hurd.0","2.41-13~hurd.1","2.42-1","2.42-10","2.42-11","2.42-12","2.42-12~hurd.1","2.42-13","2.42-14","2.42-14~hurd.1","2.42-15","2.42-15~hurd.1","2.42-2","2.42-3","2.42-4","2.42-5","2.42-6","2.42-7","2.42-8","2.42-8~hurd.1","2.42-8~hurd.2","2.42-9","2.43-1","2.43-2"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2018-20796.json"}},{"package":{"name":"glibc","ecosystem":"Debian:14","purl":"pkg:deb/debian/glibc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.41-12","2.41-13~hurd.0","2.41-13~hurd.1","2.42-1","2.42-10","2.42-11","2.42-12","2.42-12~hurd.1","2.42-13","2.42-14","2.42-14~hurd.1","2.42-15","2.42-15~hurd.1","2.42-2","2.42-3","2.42-4","2.42-5","2.42-6","2.42-7","2.42-8","2.42-8~hurd.1","2.42-8~hurd.2","2.42-9","2.43-1","2.43-2"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2018-20796.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}