[pcre-dev] CVE-2017-16231 report

Author: 张家旺
Date:  
To: pcre-dev
Subject: [pcre-dev] CVE-2017-16231 report
CVE-2017-16231
> [Suggested description]
> In PCRE 8.41,
> after compiling, a pcretest load test PoC produces a crash overflow
> in the function match() in pcre_exec.c because of a self-recursive call.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> Perl Compatible Regular Expressions
>
> ------------------------------------------
>
> [Affected Product Code Base]
> PCRE - 8.41
>
> ------------------------------------------
>
> [Affected Component]
> file:pcre_exec.c
> function match() line 983 and line 2061
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> A crash file
>
> ------------------------------------------
>
> [Discoverer]
> ZHANG JIAWANG from cncert

