https://bugs.exim.org/show_bug.cgi?id=2079
Bug ID: 2079
Summary: heapb based buffer overflow write in
pcre2_get_error_message_32
Product: PCRE
Version: 10.23 (PCRE2)
Hardware: x86-64
OS: Linux
Status: NEW
Severity: security
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: ago@???
CC: pcre-dev@???
Created attachment 1007
-->
https://bugs.exim.org/attachment.cgi?id=1007&action=edit
stacktrace
Hello,
I found an heap overflow write through fuzzing.
It was tested on version 10.23, compiled with clang-3.9.1
Output, included stacktrace in attachment.
Command to reproduce:
# pcretest -d -i -32 $FILE
Reproducer:
https://github.com/asarubbo/poc/blob/master/00220-pcre2-heapoverflow-pcre2_get_error_message_32
( I know that is preferable attach reproducer here, but this link won't expire
in the future )
If someone think that it will expire, feel free to download it and reattach it
here.
--
You are receiving this mail because:
You are on the CC list for the bug.
