List:       oss-security
Subject:    Re: [oss-security] libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get
From:       Agostino Sarubbo <ago () gentoo ! org>
Date:       2017-03-24 9:50:19
Message-ID: 1566168.ji4fmdV5UO () blackgate

On Monday 20 March 2017 10:28:08 Agostino Sarubbo wrote:
> Permalink:
> https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c


> WRITE of size 4 at 0x7f58f32026a0 thread T0
>     #0 0x7f58f6f90a23 in pcre32_copy_substring
> /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:358:15
This is CVE-2017-7245


> WRITE of size 268 at 0x7f83734026a0 thread T0
> #1 0x7f8377118925 in
> pcre32_copy_substring
> /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:357:1
This is CVE-2017-7246


-- 
Agostino Sarubbo
Gentoo Linux Developer