[pcre-dev] [Bug 1636] PCRE Library Heap Overflow Vulnerabili…

Author: admin
Date:  
To: pcre-dev
Old-Topics: [pcre-dev] [Bug 1636] New: PCRE Library Heap Overflow Vulnerability
Subject: [pcre-dev] [Bug 1636] PCRE Library Heap Overflow Vulnerability
https://bugs.exim.org/show_bug.cgi?id=1636

Mehmet gelisin <mehmetgelisin@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mehmetgelisin@???


--- Comment #4 from Mehmet gelisin <mehmetgelisin@???> ---
PCRE Call Stack Overflow Vulnerability
------------------------------------------------------------------
I. Summary
PCRE library is prone to a vulnerability which leads to Stack Overflow. Without
enough bound checking inside compile_regex(), the stack memory could be
overflowed via a crafted regular expression. Since PCRE library is widely used,
this vulnerability should affect many applications. An attacker may exploit
this issue to DOS the user running the affected application.
------------------------------------------------------------------
II. Description
PCRE is a regular expression C library inspired by the regular expression
capabilities in the Perl programming language. The PCRE library is incorporated
into a number of prominent programs, such as the Adobe Flash, Apache HTTP
Server, Nginx HTTP Server and PHP scripting languages. Latest version of PCRE
is prone to a Stack Overflow vulnerability which could be caused by the
following regular expression.

/((?(R)a|(?1)))*/

To reproduce the problem, we could use pcretest provided by PCRE library or
applications which are wrapped with PCRE such as PHP.
For pcretest, simply type the regular expression after the re>
For PHP, latest version of PHP 5.5/5.6 (wrapped with PCRE 8.35) could be
triggered by following code snippet.

<?php
preg_match("/((?(R)a|(?1)))*/","abcd",$arr);
?>

Other versions and applications may also be affected. Although it causes
could_be_empty_branch() to recursively call itself forever, this is a different
bug from

--
You are receiving this mail because:
You are on the CC list for the bug.