oss-sec mailing list archives
CVE Request:PCRE Call Stack Overflow Vulnerability
From: "wen_guanxing" <wen_guanxing () venustech com cn>
Date: Sun, 31 May 2015 21:45:16 +0800
Hello, PCRE is a regular expression C library inspired by the regular expression capabilities in the Perl programming language. The PCRE library is incorporated into a number of prominent programs, such as the Adobe Flash, Apache, Nginx and PHP. PCRE library is prone to a vulnerability which leads to Stack Overflow. Without enough bound checking inside compile_regex(), the stack memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to DOS the user running the affected application. Info & fixed: https://bugs.exim.org/show_bug.cgi?id=1515 Could a CVE please be assigned to this issue? Thanks, Wen Guanxing From Venustech ADLAB
Current thread:
- CVE Request:PCRE Call Stack Overflow Vulnerability wen_guanxing (May 31)