oss-sec mailing list archives
Re: Re: Heap Overflow in PCRE
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sat, 28 Nov 2015 21:06:01 -0800
Most PCRE findings have a requirement that the attacker is able to provide an arbitrary regular expression in a way that crosses a privilege boundary. http://www.pcre.org/current/doc/html/pcre2pattern.html implies that this is relevant to the PCRE security model, i.e., the reference to "applications that allow their users to supply patterns." We've mentioned this before in http://www.openwall.com/lists/oss-security/2015/09/08/8 but we're still unaware of any specific application that meets this requirement
Languages such as Flash or JavaScript, where untrusted parties are allowed to specify regular expression patterns that are compiled by an underlying regex library - be it PCRE or something else.

Examples:

https://code.google.com/p/google-security-research/issues/detail?id=225
https://code.google.com/p/google-security-research/issues/detail?id=208

/mz