List: oss-security
Subject: [oss-security] CVE Request:PCRE Call Stack Overflow Vulnerability
From: "wen_guanxing" <wen_guanxing () venustech ! com ! cn>
Date: 2015-05-31 13:45:16
Message-ID: tencent_3EBD05065B16F9C558FFDA02 () qq ! com
Hello,
PCRE is a regular expression C library inspired by the regular expression capabilities in the
Perl programming language. The PCRE library is incorporated into a number of prominent
programs, such as Adobe Flash, Apache, Nginx and PHP.
The PCRE library is prone to a vulnerability which leads to a stack overflow. Without enough bounds
checking inside compile_regex(), the stack memory could be overflowed via a crafted regular
expression. Since the PCRE library is widely used, this vulnerability should affect many
applications. An attacker may exploit this issue to DoS the user running the affected
application.
Info & fixed:
https://bugs.exim.org/show_bug.cgi?id=1515
Could a CVE please be assigned to this issue?
Thanks,
Wen Guanxing
From Venustech ADLAB