[pcre-dev] [Bug 1889] PCRE2 Heap Overflow Vulnerability

Startseite
Nachricht löschen
Autor: admin
Datum:  
To: pcre-dev
Betreff: [pcre-dev] [Bug 1889] PCRE2 Heap Overflow Vulnerability
https://bugs.exim.org/show_bug.cgi?id=1889

Petr Pisar <ppisar@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ppisar@???


--- Comment #1 from Petr Pisar <ppisar@???> ---
That because the regexp is not in UTF-8 and you disabled the UTF-8 validation
explicitly:

# hexdump -C bufover_1_min 
00000000  2f d4 83 a4 9c a4 9c b0  3f 2f 6e 6f 5f 75 74 66  |/.......?/no_utf|
00000010  5f 63 68 65 63 6b 2c 75  74 66                    |_check,utf|
0000001a
# LC_ALL=C  iconv -f utf-8 -t utf-8 < bufover_1_min 
/ԃiconv: illegal input sequence at position 3


Then the library can crash because it takes assumptions about valid UTF-8 byte
strings.

--
You are receiving this mail because:
You are on the CC list for the bug.