oss-sec mailing list archives
Heap Overflow in PCRE
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 24 Nov 2015 11:33:43 +0100
https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html The Perl Compatible Regular Expressions (PCRE) library has just released a new version which fixes a number of security issues. Fuzzing the pcretest tool uncovered an input leading to a heap overflow in the function pcre_exec. This bug was found with the help of american fuzzy lop and address sanitizer. https://bugs.exim.org/show_bug.cgi?id=1637 Upstream bug #1637 (PoC and ASAN trace attached there) This is fixed in PCRE 8.38. There are two variants of PCRE, the classic one and PCRE2. PCRE2 is not affected. https://lists.exim.org/lurker/message/20151123.125009.80e5ac05.en.html Appart from that a couple of other vulnerabilities found by other people have been fixed in this release: https://bugs.exim.org/show_bug.cgi?id=1672 Heap overflow in compile_regex https://bugs.exim.org/show_bug.cgi?id=1515 Stack overflow in compile_regex https://bugs.exim.org/show_bug.cgi?id=1667 Heap overflow in compile_regex If you use PCRE to parse untrusted inputs you should update immediately. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Heap Overflow in PCRE Hanno Böck (Nov 24)
- Re: Heap Overflow in PCRE Moritz Muehlenhoff (Nov 24)
- Re: Heap Overflow in PCRE Hanno Böck (Nov 24)
- Re: Heap Overflow in PCRE Fabian Keil (Nov 24)
- Re: Heap Overflow in PCRE Hanno Böck (Nov 24)
- Re: Heap Overflow in PCRE Fabian Keil (Nov 25)
- Re: Heap Overflow in PCRE Hanno Böck (Nov 24)
- Re: Heap Overflow in PCRE cve-assign (Nov 28)
- Re: Re: Heap Overflow in PCRE Michal Zalewski (Nov 28)
- Re: Heap Overflow in PCRE cve-assign (Nov 29)
- Re: Re: Heap Overflow in PCRE Tomas Hoger (Nov 30)
- Re: Re: Heap Overflow in PCRE Michal Zalewski (Nov 28)
- Re: Heap Overflow in PCRE cve-assign (Dec 01)
- Re: Heap Overflow in PCRE Moritz Muehlenhoff (Nov 24)