Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "tre-agrep": "0.8.0-3+deb7u1ubuntu1", "libtre5-dbgsym": "0.8.0-3+deb7u1ubuntu1", "libtre5": "0.8.0-3+deb7u1ubuntu1", "tre-agrep-dbgsym": "0.8.0-3+deb7u1ubuntu1", "libtre-dev": "0.8.0-3+deb7u1ubuntu1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "tre-agrep": "0.8.0-4+deb8u1build0.16.04.1", "libtre5-dbgsym": "0.8.0-4+deb8u1build0.16.04.1", "libtre5": "0.8.0-4+deb8u1build0.16.04.1", "tre-agrep-dbgsym": "0.8.0-4+deb8u1build0.16.04.1", "libtre-dev": "0.8.0-4+deb8u1build0.16.04.1" } ] }