oss-sec mailing list archives
Re: Re: [scr358145] pcre-8.41 - 8.41
From: Agostino Sarubbo <ago () gentoo org>
Date: Tue, 11 Jul 2017 08:43:18 +0200
On Tuesday 11 July 2017 10:03:01 ben wrote:
> In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c
> allows stack exhaustion (uncontrolled recursion) when processing a crafted
> regular expression.
> ------------------------------------------
> [Additional Information]
> This vulns like CVE-2017-9729. It is about line 2061 (from the
> https://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?revision=1683&view=markup
> page) of pcre_exec.c:

Hi,

is there an upstream bug report for that? I'm asking because some time ago I reported something like that, which was considered expected:

https://bugs.exim.org/show_bug.cgi?id=2047
https://bugs.exim.org/show_bug.cgi?id=2048

--
Agostino Sarubbo
Gentoo Linux Developer