oss-sec mailing list archives
Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()
From: Tavis Ormandy <taviso () google com>
Date: Wed, 3 Jun 2015 13:39:25 -0700
On Wed, Jun 3, 2015 at 9:39 AM, Hhjack <82100840 () qq com> wrote:
As far as I tested, 8.33, 8.34, 8.35, 8.36, 8.37 were confirmed to be affected. PCRE2 10.10 is also confirmed to be vulnerable. Other version may also be affected. Cheers, Wen
I don't know if it's fair to call this a PCRE bug, isn't it PHP misusing the API? Tavis.
Current thread:
- CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() wen_guanxing (Jun 03)
- Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Dan McDonald (Jun 03)
- <Possible follow-ups>
- Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Hhjack (Jun 03)
- Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Tavis Ormandy (Jun 03)
- Re: Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() wen_guanxing (Jun 03)
- Re: Re: Re: Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Guanxing Wen (Jun 04)