Security vulnerabilities and automated fixes for glob issues
A critical heap buffer overflow was discovered and patched in glob/glob.c: a crafted alternation pattern could corrupt heap memory, leading to a crash or arbitrary code execution. The flaw stems from missing bounds validation when a pattern prefix is copied into a fixed-size heap buffer, compounded by two further unsafe memory operations at lines 401 and 472-473. The fix eliminates a CWE-120 (Buffer Copy without Checking Size of Input) class vulnerability that could be exploited by any attacker capable of supplying a
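The shape of the bug, as an added illustration that is not the glob/glob.c code or the actual patch: a toy alternation-prefix copy in the CWE-120 form beside the same copy with the bounds check that was missing. `PREFIX_CAP`, the function names, and the line layout are assumptions chosen for the example; the real buffer size and the operations at lines 401 and 472-473 are not reproduced here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed capacity of the heap buffer that receives the text before the
 * alternation group. Deliberately small so an over-long prefix is easy to
 * construct; the real size in any glob implementation is not taken from
 * the advisory. */
#define PREFIX_CAP 16

/* Length of the pattern text before the first unescaped '{', or -1 when
 * the pattern has no alternation group. A backslash escapes the next
 * character, so "a\{b" is a literal and has no alternation. */
static long alt_prefix_len(const char *pat)
{
    for (size_t i = 0; pat[i] != '\0'; i++) {
        if (pat[i] == '\\' && pat[i + 1] != '\0') { i++; continue; }
        if (pat[i] == '{') return (long)i;
    }
    return -1;
}

/* BEFORE (CWE-120 shape): the prefix is copied into a PREFIX_CAP-byte heap
 * buffer with no comparison against that capacity. Returns the buffer
 * (caller frees) or NULL when there is no alternation. With a prefix of
 * PREFIX_CAP - 1 bytes or more the memcpy and/or the terminating NUL land
 * past the allocation: exactly PREFIX_CAP bytes gives a one-byte overwrite,
 * anything longer a larger one. Never call it with such input. */
char *copy_prefix_unchecked(const char *pat)
{
    long n = alt_prefix_len(pat);
    if (n < 0) return NULL;
    char *buf = malloc(PREFIX_CAP);
    if (!buf) return NULL;
    memcpy(buf, pat, (size_t)n);   /* no bounds check: n may exceed PREFIX_CAP */
    buf[n] = '\0';                 /* the NUL can also land one past the end */
    return buf;
}

/* AFTER: the same copy with the missing bounds validation. The prefix must
 * fit together with its NUL; an over-long prefix is rejected (err = 1)
 * rather than truncated, so the caller cannot silently match the wrong
 * files. err = 2 signals allocation failure. */
char *copy_prefix_checked(const char *pat, int *err)
{
    *err = 0;
    long n = alt_prefix_len(pat);
    if (n < 0) return NULL;
    if ((size_t)n + 1 > PREFIX_CAP) { *err = 1; return NULL; }
    char *buf = malloc(PREFIX_CAP);
    if (!buf) { *err = 2; return NULL; }
    memcpy(buf, pat, (size_t)n);
    buf[n] = '\0';
    return buf;
}

/* Does this pattern's alternation prefix fit the fixed buffer? Patterns
 * without alternation trivially "fit". */
int prefix_fits(const char *pat)
{
    long n = alt_prefix_len(pat);
    return n < 0 || (size_t)n + 1 <= PREFIX_CAP;
}

/* Run the checked copy and compare: expected == NULL means the pattern
 * must be rejected. Returns 1 when the outcome matches. */
int checked_copy_is(const char *pat, const char *expected)
{
    int err;
    char *p = copy_prefix_checked(pat, &err);
    int ok = expected ? (p != NULL && err == 0 && strcmp(p, expected) == 0)
                      : (p == NULL && err == 1);
    free(p);
    return ok;
}

int main(void)
{
    /* Constructed inputs: a benign pattern and a crafted 32-byte prefix. */
    const char *benign  = "src/{a,b}.c";
    const char *crafted = "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "{x,y}";
    printf("benign fits: %d, crafted fits: %d\n",
           prefix_fits(benign), prefix_fits(crafted));
    printf("checked copy of benign ok: %d, crafted rejected: %d\n",
           checked_copy_is(benign, "src/"), checked_copy_is(crafted, NULL));
    return 0;
}
```

The point of the boundary arithmetic is that the check is `n + 1 > PREFIX_CAP`, not `n > PREFIX_CAP`: a prefix of exactly `PREFIX_CAP` bytes would pass a length-only comparison and still write its terminator one byte past the allocation, which is the classic off-by-one variant of the same heap overflow.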