[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)
From: "=?gb18030?B?enp0MDkwNw==?=" <16362505 () qq ! com>
Date: 2018-12-20 1:12:12
Message-ID: tencent_A786522C4D809AC127F67E2097EFD95D2406 () qq ! com
[Download RAW message or body]
# Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)
## Product Download: https://sourceforge.net/projects/pcre/files/pcre/
## Vulnerability Type£ºBuffer Overflow
## Attack Type : local
## Vulnerability Description
a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c \
because of a self-recursive call
> file:pcre_exec.c
> function match() line 983 and line 2061
## POC
https://github.com/followboy1999/poc/tree/master/CVE-2017-16231
./pcretest pcre_poc.txt
## Versions:PCRE 8.41
## Impact:Denial of Service
## Credit
This vulnerability was discovered by Jiawang Zhang Coordination Center of China (CNCERT/CC)
## References
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16231
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic