oss-sec mailing list archives

Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match()


From: Tavis Ormandy <taviso () google com>
Date: Wed, 3 Jun 2015 13:39:25 -0700

On Wed, Jun 3, 2015 at 9:39 AM, Hhjack <82100840 () qq com> wrote:
> As far as I tested, 8.33, 8.34, 8.35, 8.36, 8.37 were confirmed to be affected.
> PCRE2 10.10 is also confirmed to be vulnerable.
> Other versions may also be affected.
>
> Cheers,
> Wen

I don't know if it's fair to call this a PCRE bug, isn't it PHP
misusing the API?

Tavis.

