
List:       oss-security
Subject:    [oss-security] CVE Request:PCRE Call Stack Overflow Vulnerability
From:       "wen_guanxing" <wen_guanxing () venustech ! com ! cn>
Date:       2015-05-31 13:45:16
Message-ID: tencent_3EBD05065B16F9C558FFDA02 () qq ! com

Hello,


PCRE is a regular expression C library inspired by the regular expression
capabilities in the Perl programming language. The PCRE library is incorporated
into a number of prominent programs, such as Adobe Flash, Apache, Nginx and PHP.


The PCRE library is prone to a vulnerability which leads to a stack overflow.
Without enough bounds checking inside compile_regex(), the stack memory could be
overflowed via a crafted regular expression. Since the PCRE library is widely
used, this vulnerability should affect many applications. An attacker may
exploit this issue to DoS the user running the affected application.


Info & fixed:
https://bugs.exim.org/show_bug.cgi?id=1515


Could a CVE please be assigned to this issue?


Thanks,


Wen Guanxing
From Venustech ADLAB


