oss-sec mailing list archives

CVE Request: PCRE Call Stack Overflow Vulnerability


From: "wen_guanxing" <wen_guanxing () venustech com cn>
Date: Sun, 31 May 2015 21:45:16 +0800

Hello,


PCRE is a regular expression C library inspired by the regular expression capabilities in the Perl programming
language. The PCRE library is incorporated into a number of prominent programs, such as Adobe Flash, Apache, Nginx
and PHP.


The PCRE library is prone to a vulnerability which leads to Stack Overflow. Without enough bounds checking inside
compile_regex(), the stack memory could be overflowed via a crafted regular expression. Since the PCRE library is widely
used, this vulnerability should affect many applications. An attacker may exploit this issue to DoS the user running
the affected application.


Info & fixed:
https://bugs.exim.org/show_bug.cgi?id=1515


Could a CVE please be assigned to this issue?


Thanks,


Wen Guanxing
From Venustech ADLAB
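
Added example, not part of the original post and not PCRE's own code: a pre-compile guard an application can run on untrusted patterns before handing them to the library. It assumes the compiler's recursion depth follows the nesting of parenthesised groups, which the post does not state; MAX_GROUP_DEPTH, group_depth() and pattern_is_acceptable() are hypothetical names, and the sample pattern is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical cap for this example; size it to the stack the process has. */
#define MAX_GROUP_DEPTH 200

/* Deepest '(' nesting in the pattern, or -1 if parentheses are unbalanced.
 * Escapes, \Q...\E literal runs and [...] classes are skipped because
 * parentheses inside them do not open groups. Conservative approximation. */
int group_depth(const char *p)
{
    int depth = 0, max = 0;
    while (*p) {
        if (p[0] == '\\' && p[1] == 'Q') {            /* literal run */
            const char *end = strstr(p + 2, "\\E");
            if (!end) break;                          /* literal to end of pattern */
            p = end + 2;
        } else if (*p == '\\' && p[1]) {
            p += 2;                                   /* escaped character */
        } else if (*p == '[') {                       /* character class */
            p++;
            if (*p == '^') p++;
            if (*p == ']') p++;                       /* leading ']' is literal */
            while (*p && *p != ']') {
                if (*p == '\\' && p[1]) p++;
                p++;
            }
            if (*p) p++;
        } else {
            if (*p == '(') { if (++depth > max) max = depth; }
            else if (*p == ')') { if (--depth < 0) return -1; }
            p++;
        }
    }
    return depth == 0 ? max : -1;
}

/* Gate to call before compiling an untrusted pattern. */
int pattern_is_acceptable(const char *pattern)
{
    int d = group_depth(pattern);
    return d >= 0 && d <= MAX_GROUP_DEPTH;
}
int main(void)
{
    const char *sample = "((a|b)c)+";                 /* constructed sample input */
    printf("%s: depth=%d accept=%d\n", sample, group_depth(sample), pattern_is_acceptable(sample));
    return 0;
}
```

A guard like this bounds recursion only from the caller's side; updating to a PCRE release that contains the fix referenced above is still required.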
