oss-sec mailing list archives
Re: Heap Overflow in PCRE
From: cve-assign () mitre org
Date: Sun, 29 Nov 2015 05:58:01 -0500 (EST)
Languages such as Flash or JavaScript, where untrusted parties are allowed to specify regular expression patterns that are compiled by an underlying regex library - be it PCRE or something else. Examples:
https://code.google.com/p/google-security-research/issues/detail?id=225
https://code.google.com/p/google-security-research/issues/detail?id=208

This suggests an important point: CVEs could potentially be tracked by Adobe, and thus have a relationship to systems on which the CVEs aren't directly important to vulnerability assessment of a package with something like pcre or libpcre in its name. "pcre_compile.cpp" in https://code.google.com/p/google-security-research/issues/detail?id=208 might indicate that Adobe has a fork. http://vcs.pcre.org/pcre/code/trunk/ has the pcre_compile.c filename, and http://vcs.pcre.org/pcre2/code/trunk/src/ has the pcre2_compile.c filename.

JavaScript may be "something else" in most cases, e.g.,
http://blog.chromium.org/2009/02/irregexp-google-chromes-new-regexp.html
https://github.com/v8/v8/tree/master/src/regexp
https://hg.mozilla.org/mozilla-central/file/tip/js/src/irregexp

We haven't looked at whether there are ever attack vectors associated with untrusted Lua code, e.g., if the Lua code can make use of something like https://github.com/rrthomas/lrexlib to reach vulnerable code found in the system's libpcre package.
-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
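
The point about forks whose package name does not contain pcre can be checked on a source tree. The following is an added example, not part of the original message and not code from MITRE or the PCRE project: it looks for the compile-unit file names mentioned above (including renamed C++ variants) and reads the version macros from a neighbouring pcre.h or pcre2.h. The function names are hypothetical, and the sample tree, its paths and its version numbers are constructed.

```python
import re
import tempfile
from pathlib import Path

# File names from the message above; a match marks a likely embedded copy or fork.
COMPILE_NAMES = re.compile(r"^pcre2?_compile\.(c|cc|cpp|cxx)$")
# Version macros as defined in upstream pcre.h / pcre2.h.
VERSION_MACRO = re.compile(r"^\s*#\s*define\s+PCRE2?_(MAJOR|MINOR)\s+(\d+)", re.M)


def header_version(directory):
    """Return 'major.minor' from pcre.h or pcre2.h in directory, or None."""
    for name in ("pcre.h", "pcre2.h"):
        header = directory / name
        if header.is_file():
            found = dict(VERSION_MACRO.findall(header.read_text(errors="replace")))
            if "MAJOR" in found and "MINOR" in found:
                return f"{found['MAJOR']}.{found['MINOR']}"
    return None


def find_embedded_pcre(root):
    """Return sorted (relative path, version or None) for each compile unit found."""
    root = Path(root)
    hits = [
        (path.relative_to(root).as_posix(), header_version(path.parent))
        for path in root.rglob("*")
        if path.is_file() and COMPILE_NAMES.match(path.name)
    ]
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample: a renamed fork with a header, a PCRE2 copy without one."""
    layout = {
        "player/third_party/regex/pcre_compile.cpp": "/* fork */\n",
        "player/third_party/regex/pcre.h": "#define PCRE_MAJOR 7\n#define PCRE_MINOR 3\n",
        "tools/vendor/pcre2/src/pcre2_compile.c": "/* copy */\n",
        "docs/readme.txt": "no regex code here\n",
    }
    for rel, text in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_embedded_pcre(tmp))
```

A hit with version `None` means the copy ships without a generated header next to it, so its version has to be established some other way before matching it against advisories.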