Re: [pcre-dev] Pcre-8.41 Bug buffer overflow

Top Page
Delete this message
Author: ph10
Date:  
To: ????
CC: pcre-dev
Subject: Re: [pcre-dev] Pcre-8.41 Bug buffer overflow
On Fri, 20 Oct 2017, ???? via Pcre-dev wrote:

>     I found a pcre-8.41 bug, and applied for CVE??CVE-2017-15641??, I
>     hope you confirm the vulnerability, details of the loopholes in
>     detail annex!


Thank you for the report.

A quick look at this suggests that the problem is in pcretest. This is a
test program for the PCRE library, and as such is not written to be
robust against all possible inputs. I will look at this some more in due
course, but as the 8.xx series is now in maintenance-only mode, I think
I will probably decide not to do anything, unless there is a very
trivial fix.

Philip

--
Philip Hazel