[pcre-dev] [Bug 2293] New: Dos attack via control regex

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2293] New: Dos attack via control regex
https://bugs.exim.org/show_bug.cgi?id=2293

            Bug ID: 2293
           Summary: Dos attack via control regex
           Product: PCRE
           Version: 10.31 (PCRE2)
          Hardware: x86-64
                OS: All
            Status: NEW
          Severity: security
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: zp1in@???
                CC: pcre-dev@???


Created attachment 1092
--> https://bugs.exim.org/attachment.cgi?id=1092&action=edit
poc

A regex like `(?:(?!BB).)*` would crash the maintain software. Libpcre calls
the `match` function recursively while matching the regex and finally runs out
of stack memory.

If an attacker controls the regex, he can easily make the program terminate.
And attackers can construct illegal data to DoS attack a program which contains
a regex like it.

--
You are receiving this mail because:
You are on the CC list for the bug.
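
Added example, not part of the original report and not PCRE code: a simplified C model of how a recursive matcher walks `(?:(?!BB).)*`, one nested call per subject character, with a depth limit that turns unbounded recursion into an error return. `match_model`, `match_star` and `DEPTH_ERROR` are hypothetical names, and the subjects are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEPTH_ERROR (-2L) /* hypothetical error code for this model */

/* Deepest recursion level reached by the last match_model() call. */
static long max_depth_seen;

/* One iteration of (?:(?!BB).)* at s[pos]. Every consumed character costs
 * one nested call, so call depth grows linearly with the subject length. */
static long match_star(const char *s, size_t len, size_t pos,
                       long depth, long depth_limit)
{
    if (depth > depth_limit)
        return DEPTH_ERROR; /* fail cleanly instead of exhausting the stack */
    if (depth > max_depth_seen)
        max_depth_seen = depth;

    /* (?!BB). succeeds if a character exists and "BB" does not start here. */
    int at_bb = pos + 1 < len && s[pos] == 'B' && s[pos + 1] == 'B';
    if (pos < len && !at_bb)
        return match_star(s, len, pos + 1, depth + 1, depth_limit);

    return (long)pos; /* the group cannot repeat again: match ends here */
}

/* Returns the end offset of the match, or DEPTH_ERROR if the limit is hit. */
long match_model(const char *s, size_t len, long depth_limit)
{
    max_depth_seen = 0;
    return match_star(s, len, 0, 1, depth_limit);
}

int main(void)
{
    size_t n = 100000; /* constructed subject: 100000 'a' characters */
    char *subject = malloc(n);
    if (subject == NULL)
        return 1;
    memset(subject, 'a', n);

    printf("short subject: end=%ld\n", match_model("aaaaBBcc", 8, 1000));
    printf("long subject:  result=%ld\n", match_model(subject, n, 1000));
    free(subject);
    return 0;
}
```

With the limit in place, the caller sees an error code for the long subject and can reject the input, rather than the process dying on a stack overflow.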