oss-sec mailing list archives
Re: CVE request: heap buffer overflow in PCRE
From: Murray McAllister <mmcallis () redhat com>
Date: Fri, 21 Nov 2014 14:40:19 +1100
On 11/21/2014 01:43 AM, Vasyl Kaigorodov wrote:
> Hello,
>
> Heap buffer overflow issue was reported [1] in PCRE when processing a
> specially crafted regular expression.
>
> Upstream patch for this:
> http://www.exim.org/viewvc/pcre2?view=rev&revision=154
>
> The next upstream release that will contain the above fix is likely to
> be around Feb/Mar next year (2015).
>
> Additional references:
> [1]: http://bugs.exim.org/show_bug.cgi?id=1546
> [2]: https://bugzilla.redhat.com/show_bug.cgi?id=1166147
>
> Can a CVE be assigned to this please?
>
> Thanks.

Morning,

If it was not already seen, http://bugs.exim.org/show_bug.cgi?id=1546#c8 has "If you can, please reference CVE-2014-8964 as a CVE for this potential security vulnerability." I do not know who assigned it.

Cheers,

--
Murray McAllister / Red Hat Product Security

Current thread:
- CVE request: heap buffer overflow in PCRE Vasyl Kaigorodov (Nov 20)
- Re: CVE request: heap buffer overflow in PCRE Murray McAllister (Nov 20)
- Re: CVE request: heap buffer overflow in PCRE cve-assign (Nov 20)
- Re: CVE request: heap buffer overflow in PCRE Murray McAllister (Nov 20)