[pcre-dev] [Bug 393] Analogue of errors_copy for warning mes…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Madmin at <-
Madmin at ->
Delete this message
Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 393] Analogue of errors_copy for warning messages
https://bugs.exim.org/show_bug.cgi?id=393

--- Comment #8 from Andrey V. Malyshev <amal@???> ---

How does this relate to the issue discussed here?

(In reply to rapepav820 from comment #7)
> (In reply to Pihuram from comment #6)
> > https://naturomac.com/
>
> The latest version of PCRE (pcre2-10.34-RC1, pcre2-10.33) is prone to a stack
> http://www.sprite-ideas.com/
> overflow vulnerability in internal_dfa_match() (pcre2_dfa_match.c) which can
> be
> triggered using a crafted regular expression. Upon execution of the crafted
> regular expression, the function internal_dfa_match() calls itself
> recursively,
> resulting into uncontrolled recursion. It exceeds the stack size limit (8
> MB),
> finally resulting into stack exhaustion. An attacker can potentially exploit
> this issue to perform remote code execution or denial of service attack.
>
> =====================
> Output of ASAN compiled library (-fsanitize=address)
>
> Run as: ./pcre2test sbovf-input (attached herewith)
> http://www.componentanalysis.org/
>
> --------------------
> ASAN:DEADLYSIGNAL
> 
> ==17245==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7feff8
> (pc
> 0x5555555afcc7 bp 0x7fffff7ff4b0 sp 0x7fffff7fefe0 T0)
>     #0 0x5555555afcc6 in internal_dfa_match src/pcre2_dfa_match.c:2859
>     #1 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #2 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> http://www.environmentaleducationnews.com/
>     #3 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #4 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #5 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #6 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #7 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> http://toscanoandsonsblog.com/
>     #8 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #9 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #10 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     ...
>     <skipped>
>     ...
>     #240 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #241 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> http://www.mic-sound.net/
>     #242 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #243 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #244 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> http://www.craftpatternwarehouse.com/
>     #245 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #246 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #247 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #248 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #249 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
>     #250 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871

>
>
>
>
>
> SUMMARY: AddressSanitizer: stack-overflow src/pcre2_dfa_match.c:2859 in
> internal_dfa_match http://www.slipstone.co.uk/
> ==17245==ABORTING
>
> ====================
> With gdb
> --------------------
> $ gdb ./pcre2test http://www.bigeasydesarucoast.com/
> 
> (gdb) r sbovf-input
> Program received signal SIGSEGV, Segmentation fault.
> 0x00005555555aaab4 in internal_dfa_match (mb=mb@entry=0x7fffffff5800,
> this_start_code=this_start_code@entry=0x611000000acf "\210", 
>     current_subject=current_subject@entry=0x629000002eb1 '\200' <repeats 200
> times>..., http://matslideborg.com/
> start_offset=start_offset@entry=6522, offsets=offsets@entry=0x7fffec780030,
> offsetcount=offsetcount@entry=1000, https://www.hr-itconsulting.tech/

>
>
>
> http://www.izidil.com/ workspace=0x7fffec781f70, wscount=1000,
> rlevel=6522, RWS=0x7fffeb8c5800) at src/pcre2_dfa_match.c:533
> http://padreislandtv.com/
>
>
>
>
> The latest version of PCRE (pcre2-10.34-RC1, pcre2-10.33) is prone to a stack
> overflow vulnerability http://www.dontfuckwiththeearth.com/ in
> internal_dfa_match()
> (pcre2_dfa_match.c) which can be triggered using a crafted regular
> expression.
> Upon execution of the crafted regular expression, the function
> internal_dfa_match() http://openbsdvps.net/ calls itself recursively,
> resulting into uncontrolled recursion. http://www.artofcharlesgriffith.com/It
> exceeds the stack size limit (8 MB),
> finally resulting into stack exhaustion. An attacker can potentially exploit
> this issue to perform http://www.griintravel.com/ remote code execution or
> denial
> of service attack.
>
> SOURCE
> http://www.lanavebruja.com/
> http://www.nzhorses.co.nz/
> http://www.heurisko.co.nz/
> http://www.totalregistrations.co/
> https://www.waterspumpingservices.co.nz
> http://fb.tiranna.org/
> http://fb.tiranna.org/essences.html
> https://www.laikadesign.net/
> http://www.osubg.org/
> http://www.english-for-winners.com/

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Pcre-dev
Mailing List Info | Nearby Messages		<-[pcre-dev] [Bug 393] Analogue of errors_copy for warning messages[pcre-dev] [Bug 187] Use errors_to for timeouts after redirect syntax errors->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)