[pcre-dev] CVE-2017-11164 fixed?

Page principale
Supprimer ce message
Auteur: Thomas Klausner
Date:  
À: pcre-dev
Sujet: [pcre-dev] CVE-2017-11164 fixed?
Hi!

In 2017 there was a CVE assigned against pcre 8.41:

https://www.openwall.com/lists/oss-security/2017/07/11/3

> In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c
> allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.


I read the Changelogs and the commit messages for the file mentioned,
but I couldn't clearly see if this is fixed or not. Does someone know?
Thomas