Date: Mon, 10 Aug 2015 00:58:48 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 202209] devel/pcre: Heap Overflow Vulnerability (CVE TBD)
Message-ID: <bug-202209-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202209

Bug ID: 202209
Summary: devel/pcre: Heap Overflow Vulnerability (CVE TBD)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: bf@FreeBSD.org
Reporter: jason.unovitch@gmail.com
Flags: maintainer-feedback?(bf@FreeBSD.org)

PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex. Exploits with advanced Heap Fengshui techniques may allow an attacker to execute arbitrary code in the context of the user running the affected application.

Latest version of PCRE is prone to a Heap Overflow vulnerability which could be caused by the following regular expression.

/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/

Reference: https://bugs.exim.org/show_bug.cgi?id=1667

--
You are receiving this mail because:
You are the assignee for the bug.
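
The failure mode the report describes, an emit pass writing more than the size pass measured, can be modelled with a toy two-pass compiler. This is an added example, not PCRE code and not part of the original report; the pattern letters, opcodes and `toy_compile` are hypothetical. It shows a bounds-checked emit step turning the size mismatch into a compile error instead of a write past the malloced block.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Toy pattern language (constructed for this example, not PCRE syntax):
 *   'D' defines the named group, 'k' references it, anything else is a literal.
 * A reference costs 2 bytes if the name is defined once, 4 if it is duplicated. */
enum { OP_CHAR = 1, OP_DEF, OP_REF, OP_DNREF };

static size_t count_defs(const char *p, size_t upto) {
    size_t n = 0;
    for (size_t i = 0; i < upto && p[i]; i++) if (p[i] == 'D') n++;
    return n;
}

/* One routine serves both passes, as in a two-pass regex compiler.
 * out == NULL: measuring pass. Otherwise emit, refusing to go past `cap`.
 * buggy_measure makes the measuring pass see only the definitions to the left
 * of a reference, while the emit pass sees the whole name table.
 * Returns bytes needed/written, or (size_t)-1 if the emit would overflow. */
static size_t compile_pass(const char *p, unsigned char *out, size_t cap, int buggy_measure) {
    size_t len = 0, total = strlen(p);
    for (size_t i = 0; p[i]; i++) {
        unsigned char buf[4] = {0}; size_t n;
        if (p[i] == 'D') { buf[0] = OP_DEF; n = 1; }
        else if (p[i] == 'k') {
            size_t seen = count_defs(p, (out == NULL && buggy_measure) ? i : total);
            if (seen > 1) { buf[0] = OP_DNREF; buf[2] = (unsigned char)seen; n = 4; }
            else { buf[0] = OP_REF; n = 2; }
        } else { buf[0] = OP_CHAR; buf[1] = (unsigned char)p[i]; n = 2; }
        if (out) {
            if (n > cap - len) return (size_t)-1;  /* passes disagree: stop before the heap write */
            memcpy(out + len, buf, n);
        }
        len += n;
    }
    return len;
}

/* Returns 0 on success, -1 if the emit pass needed more than was measured. */
int toy_compile(const char *p, int buggy_measure, size_t *measured) {
    *measured = compile_pass(p, NULL, 0, buggy_measure);
    unsigned char *code = malloc(*measured ? *measured : 1);
    if (!code) return -1;
    size_t written = compile_pass(p, code, *measured, buggy_measure);
    free(code);
    return (written == (size_t)-1 || written != *measured) ? -1 : 0;
}
```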