https://bugs.exim.org/show_bug.cgi?id=2293
Bug ID: 2293
Summary: Dos attack via control regex
Product: PCRE
Version: 10.31 (PCRE2)
Hardware: x86-64
OS: All
Status: NEW
Severity: security
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: zp1in@???
CC: pcre-dev@???
Created attachment 1092 --> https://bugs.exim.org/attachment.cgi?id=1092&action=edit
poc
A regex like `(?:(?!BB).)*` would crash the maintain software. Libpcre calls
the `match` function recursively while matching the regex and finally runs out
of stack memory.
If an attacker controls the regex, he can easily make the program terminate.
An attacker can also construct illegal data to DoS attack a program which
contains a regex like it.
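The following is an added example, not code from the report or from PCRE: a toy recursive matcher for the reported pattern `(?:(?!BB).)*` that shows why recursion depth tracks subject length and how a depth limit turns the stack exhaustion into a reportable error. All function and macro names are hypothetical, and the subjects are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEPTH_EXCEEDED (-1L)   /* hypothetical error codes for this sketch */
#define ALLOC_FAILED   (-2L)

/* (?!BB). : a byte is consumable if it is not '\n' and "BB" does not start here. */
static int can_consume(const char *s, size_t pos, size_t len) {
    if (pos >= len || s[pos] == '\n') return 0;
    return !(pos + 1 < len && s[pos] == 'B' && s[pos + 1] == 'B');
}

/* One call per iteration of (?:(?!BB).)*. A backtracking matcher keeps every
 * such frame live as a backtrack point, so depth grows by one per subject
 * byte. Returns the match end offset, or DEPTH_EXCEEDED. */
static long match_star(const char *s, size_t pos, size_t len,
                       size_t depth, size_t limit) {
    if (depth > limit) return DEPTH_EXCEEDED;   /* fail closed, no crash */
    if (can_consume(s, pos, len))
        return match_star(s, pos + 1, len, depth + 1, limit);
    return (long)pos;                           /* zero further iterations */
}

/* Match the pattern at offset 0 of s with a caller-chosen depth limit. */
long match_len(const char *s, size_t len, size_t limit) {
    return match_star(s, 0, len, 0, limit);
}

/* Constructed subject: n copies of 'A', which never contains "BB". */
long match_len_run(size_t n, size_t limit) {
    char *s = malloc(n ? n : 1);
    if (!s) return ALLOC_FAILED;
    memset(s, 'A', n);
    long rc = match_len(s, n, limit);
    free(s);
    return rc;
}

int main(void) {
    printf("short subject: %ld\n", match_len("AAAABBCC", 8, 64));
    printf("5000 x 'A', limit 10000: %ld\n", match_len_run(5000, 10000));
    printf("5000 x 'A', limit 1000:  %ld\n", match_len_run(5000, 1000));
    return 0;
}
```

PCRE exposes the same control as `match_limit_recursion` in `pcre_extra` (PCRE1) and `pcre2_set_depth_limit()` (PCRE2 10.30 and later); callers that match untrusted subjects or patterns should set it and treat the limit error as a failed match.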