
List:       oss-security
Subject:    [oss-security] CVE Request: PCRE Library Heap Overflow in compile_regex()
From:       Guanxing Wen <wengx522 () gmail ! com>
Date:       2015-08-24 1:36:52
Message-ID: CAOSkqBVzdK-qB-hWiQz+od4M1h5=HskE-MGfYx6CyiiXYZv-6g () mail ! gmail ! com


Hi, MITRE

The PCRE library is prone to a vulnerability which leads to a heap overflow.
During the compilation of a malformed regular expression, more data is
written to the malloced block than the expected size output by
compile_regex().
The heap overflow vulnerability is triggered by the following regular
expression:

/(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/

A dry run of this particular regular expression with pcretest will report
"double free or corruption (!prev)".
But it is actually a heap overflow problem.
The overflow only affects the PCRE 8.x branch; the PCRE2 branch is not affected.

This is a different issue from
http://www.openwall.com/lists/oss-security/2015/08/05/3

Reference:
https://bugs.exim.org/show_bug.cgi?id=1672

Please allocate a CVE-ID for this.

Thanks.

Wen Guanxing from Venustech ADLAB

