------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1515
Summary: PCRE Call Stack Overflow Vulnerability
Product: PCRE
Version: 8.35
Platform: All
OS/Version: All
Status: NEW
Severity: security
Priority: medium
Component: Code
AssignedTo: ph10@???
ReportedBy: rubymail@???
CC: pcre-dev@???
Created an attachment (id=745)
--> (
http://bugs.exim.org/attachment.cgi?id=745)
regular expression to reproduce the crash
PCRE Call Stack Overflow Vulnerability
------------------------------------------------------------------
I. Summary
PCRE library is prone to a vulnerability which leads to Stack Overflow. Without
enough bound checking inside compile_regex(), the stack memory could be
overflowed via a crafted regular expression. Since PCRE library is widely used,
this vulnerability should affect many applications. An attacker may exploit
this issue to DOS the user running the affected application.
------------------------------------------------------------------
II. Description
PCRE is a regular expression C library inspired by the regular expression
capabilities in the Perl programming language. The PCRE library is incorporated
into a number of prominent programs, such as the Adobe Flash, Apache HTTP
Server, Nginx HTTP Serer and PHP scripting languages. Latest version of PCRE is
prone to a Stack Overflow vulnerability which could caused by the following
regular expression.
/((?(R)a|(?1)))*/
To reproduce the problem, we could use pcretest provide by PCRE library or
applications which is wrapped with PCRE such as PHP.
For pcretest, simply type the regular expression after the re>
For PHP, latest version of PHP 5.5/5.6 (wrapped with PCRE 8.35) could be
triggered by following code snippet.
<?php
preg_match("/((?(R)a|(?1)))*/","abcd",$arr);
?>
Other versions and applications may also be affected. Although it cause
could_be_empty_branch() to recursively call itself forever, this is a different
bug from
http://bugs.exim.org/show_bug.cgi?id=1503.
------------------------------------------------------------------
III. Impact
Stack Overflow
------------------------------------------------------------------
IV. Affected
Latest version of PCRE library.
Other versions and applications may also be affected.
------------------------------------------------------------------
V. Solution
There is no known workaround at this time.
------------------------------------------------------------------
VI. Credit
Wen Guanxing from Venustech is credited for this vulnerability.
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
