Re: [pcre-dev] query about buffer overflow bug in versiosns …

Top Page
Delete this message
Author: Nuno Lopes
Date:  
To: Rashmi Badan, pcre-dev
Subject: Re: [pcre-dev] query about buffer overflow bug in versiosns < 7.0
That means that PCRE < 7.0 have other (security-related) bugs, despite
possibly not having that particular bug.
Take a look at e.g.:
http://lists.exim.org/lurker/message/20080708.115511.15fe4a4a.en.html
http://lists.exim.org/lurker/message/20080708.132544.9db9cdaf.en.html

Nuno


----- Original Message -----
From: "Rashmi Badan" <rashmi.badan@???>
To: <pcre-dev@???>
Sent: Thursday, July 10, 2008 10:44 AM
Subject: [pcre-dev] query about buffer overflow bug in versiosns < 7.0


> Hi,
>
> I have a query regarding the recent buffer overflow bug meniotioned @ *
> http://bugs.gentoo.org/show_bug.cgi?id=228091<http://bugs.gentoo.org/show_bug.cgi?id=228091%29>
>
> *I do not see that piece of code in versions of the PCRE < 7.0, atleast
> the
> 'if' block containing the fix does not exist in these versions. Does this
> mean that this is not a vulnerability in these earlier versions ? Also,
> would it also mean that it is not a vulnerability in the much earlier
> versions like 3.0 as well ?
>
> Rgds,
> Rashmi