[pcre-dev] CVE-2017-16231 report

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
ph10 at ->
Delete this message
Author: 张家旺
Date:  
To: pcre-dev
Subject: [pcre-dev] CVE-2017-16231 report
CVE-2017-16231
> [Suggested description]
> In PCRE 8.41,
> after compiling, a pcretest load test PoC produces a crash overflow
> in the function match() in pcre_exec.c because of a self-recursive call.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> Perl Compatible Regular Expressions
>
> ------------------------------------------
>
> [Affected Product Code Base]
> PCRE - 8.41
>
> ------------------------------------------
>
> [Affected Component]
> file:pcre_exec.c
> function match() line 983 and line 2061
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> A crash file
>
> ------------------------------------------
>
> [Discoverer]
> ZHANG JIAWANG from cncert

.
This message was posted to the following mailing lists:
Pcre-dev
Mailing List Info | Nearby Messages		<-[pcre-dev] [Bug 2182] Lookahead behaving as though a match succeeded in a null-matching repeated group[pcre-dev] [Bug 2185] New: a crash overflow in the function match() line 983 and line 2061 in pcre_exec.c because of a self-recursive call->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)