Hercules Augeas Null Pointer Dereference Vulnerability in Regular Expression Handling

Vulnerability

A null pointer dereference vulnerability has been identified in Hercules Augeas version 1.14.1. The issue arises in the 're_case_expand' function within 'src/fa.c', where the 'fa_expand_nocase' function fails to validate a pointer before use. This oversight allows a null pointer to be dereferenced, leading to a segmentation fault and potential application crash. The vulnerability can only be exploited locally.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application.

Reproduction

The vulnerability can be reproduced by compiling Augeas with AddressSanitizer enabled, using Clang as the compiler. After building the application, the 'fa_expand_nocase' function can be called with a crafted input that manipulates the regular expression parsing, triggering the null pointer dereference. This can be done using a fuzzing harness that automates the process of sending such inputs to the function.
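A fuzzing harness stops at the first segmentation fault, so once a fix is applied it helps to have a check that survives the crash. The following C code is an added example, not Augeas code and not part of the advisory: it runs a function with the call shape assumed for 'fa_expand_nocase' in a child process and classifies the result as success, clean error, or crash. The names probe, toy_parse, model_unchecked and model_checked are hypothetical, and the toy parser's rule is constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed call shape of fa_expand_nocase() in libfa's <fa.h>; 0 = success. */
typedef int (*expand_fn)(const char *re, size_t len, char **out, size_t *out_len);
enum outcome { RETURNED_OK, RETURNED_ERROR, CRASHED };

/* Call fn in a child process so a segfault or sanitizer abort is reported
 * to the parent instead of ending the whole test run. */
enum outcome probe(expand_fn fn, const char *re, size_t len) {
    pid_t pid = fork();
    if (pid < 0) abort();
    if (pid == 0) {
        char *out = NULL;
        size_t out_len = 0;
        int rc = fn(re, len, &out, &out_len);
        free(out);
        _exit(rc == 0 ? 0 : 42);   /* 42 marks a clean error return */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) abort();
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return RETURNED_OK;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 42) return RETURNED_ERROR;
    return CRASHED;                /* killed by a signal, or sanitizer exit */
}

/* Hypothetical stand-ins, NOT Augeas code. Constructed rule: a '[' with no
 * closing ']' does not parse, so the toy parser returns NULL. */
struct node { size_t len; };
static struct node *toy_parse(const char *re, size_t len) {
    const char *open = memchr(re, '[', len);
    if (open && !memchr(open, ']', len - (size_t)(open - re))) return NULL;
    struct node *n = malloc(sizeof *n);
    if (n) n->len = len;
    return n;
}

static int expand(const char *re, size_t len, char **out, size_t *out_len, int check) {
    struct node *volatile n = toy_parse(re, len);  /* volatile keeps the load */
    if (check && n == NULL) return 1;              /* the validation at issue */
    *out_len = n->len;                             /* faults when n is NULL */
    *out = NULL;                                   /* the toy emits no string */
    free(n);
    return 0;
}
int model_unchecked(const char *r, size_t l, char **o, size_t *n) { return expand(r, l, o, n, 0); }
int model_checked(const char *r, size_t l, char **o, size_t *n) { return expand(r, l, o, n, 1); }
```

To check a real build, pass 'fa_expand_nocase' to probe in place of the models and link against libfa, after confirming the typedef against the installed header.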

Remediation

Users are advised to update to the patched version of Hercules Augeas, which is available on the official GitHub repository.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.