https://bugs.exim.org/show_bug.cgi?id=2054
Bug ID: 2054
Summary: invalid memory read in _pcre32_xclass (pcre_xclass.c)
Product: PCRE
Version: 8.40
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: ago@???
CC: pcre-dev@???
Created attachment 995
-->
https://bugs.exim.org/attachment.cgi?id=995&action=edit
stacktrace
Hello,
I found an invalid memory read through fuzzing.
I don't know if it is related to bug 2052 / 2053
It was tested on version 8.40, compiled with clang-3.9.1
Since pcre_xclass.c is part of the library, you can consider it a security bug
and change the severity
Output, included stacktrace in attachment.
Command to reproduce:
# pcretest -32 -d $FILE
Reproducer:
https://github.com/asarubbo/poc/blob/master/00206-pcre-invalidread-_pcre32_xclass
( I know that is preferable attach reproducer here, but this link won't expire
in the future )
--
You are receiving this mail because:
You are on the CC list for the bug.