oss-sec mailing list archives
CVE Request: PCRE Library Heap Overflow Vulnerability
From: Guanxing Wen <wengx522 () gmail com>
Date: Thu, 6 Aug 2015 00:55:09 +0800
PCRE is a regular expression C library inspired by the regular expression capabilities in the Perl programming language. The PCRE library is incorporated into a number of prominent programs, such as Adobe Flash, Apache, Nginx, PHP.

The PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex. Exploits with advanced Heap Fengshui techniques may allow an attacker to execute arbitrary code in the context of the user running the affected application.

Reference: https://bugs.exim.org/show_bug.cgi?id=1667

Could you assign a CVE-ID for this?

Thank you && Regards.
Wen Guanxing from Venustech ADLAB
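The bug class described in the message above (a sizing pass that reports fewer bytes than the emit pass later writes) can be contained with a bounds-checked emitter. This is an added example, not part of the original post and not PCRE's code: the toy opcodes, the function names and the deliberately undercounting `measure()` are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Toy opcodes (constructed; not PCRE's real opcode set). */
enum { OP_END = 0, OP_CHAR = 1, OP_STAR = 2 };

/* Pass 1: estimate the compiled size.
 * Constructed defect: '*' is skipped, so the estimate is too small. */
static size_t measure(const char *pat) {
    size_t n = 1;                          /* OP_END */
    for (; *pat; pat++)
        if (*pat != '*') n += 2;           /* OP_CHAR + literal byte */
    return n;
}

/* Bounded store: never writes at or past cap, but keeps counting,
 * so the caller learns how many bytes were really required. */
static void put(unsigned char *buf, size_t cap, size_t *pos, unsigned char b) {
    if (*pos < cap) buf[*pos] = b;
    (*pos)++;
}

/* Pass 2: emit the code; returns the number of bytes the pattern needs. */
static size_t emit(const char *pat, unsigned char *buf, size_t cap) {
    size_t pos = 0;
    for (; *pat; pat++) {
        if (*pat == '*') {
            put(buf, cap, &pos, OP_STAR);
        } else {
            put(buf, cap, &pos, OP_CHAR);
            put(buf, cap, &pos, (unsigned char)*pat);
        }
    }
    put(buf, cap, &pos, OP_END);
    return pos;
}

/* Returns 0 if both passes agree, -1 on allocation failure, otherwise the
 * number of bytes an unchecked emitter would have written past the block. */
static long checked_compile(const char *pat) {
    size_t cap = measure(pat);
    unsigned char *buf = malloc(cap);
    if (!buf) return -1;
    size_t need = emit(pat, buf, cap);
    free(buf);
    return need > cap ? (long)(need - cap) : 0;
}

int main(void) {
    printf("abc  -> %ld\n", checked_compile("abc"));
    printf("a*b* -> %ld\n", checked_compile("a*b*"));
    return 0;
}
```

A non-zero result means the two passes disagree, and the compile should be rejected as an internal error instead of returning the buffer.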