oss-sec mailing list archives

Re: Heap Overflow in PCRE

From: Fabian Keil <freebsd-listen () fabiankeil de>
Date: Wed, 25 Nov 2015 12:04:06 +0100

Hanno Böck <hanno () hboeck de> wrote:

On Tue, 24 Nov 2015 12:57:09 +0100
Fabian Keil <freebsd-listen () fabiankeil de> wrote:

The last sentence seems overly broad to me as many (most?)
applications use trusted PCRE patterns (that get parsed and executed)
to parse untrusted input.

For this use case the issues above don't seem to require immediate
action.


True.
I changed the wording to better reflect that.


Thanks.

Fabian

Attachment: _bin
Description: OpenPGP digital signature

Current thread:

Heap Overflow in PCRE Hanno Böck (Nov 24)
- Re: Heap Overflow in PCRE Moritz Muehlenhoff (Nov 24)
  - Re: Heap Overflow in PCRE Hanno Böck (Nov 24)
- Re: Heap Overflow in PCRE Fabian Keil (Nov 24)
  - Re: Heap Overflow in PCRE Hanno Böck (Nov 24)
    - Re: Heap Overflow in PCRE Fabian Keil (Nov 25)
- Re: Heap Overflow in PCRE cve-assign (Nov 28)
  - Re: Re: Heap Overflow in PCRE Michal Zalewski (Nov 28)
    - Re: Heap Overflow in PCRE cve-assign (Nov 29)
    - Re: Re: Heap Overflow in PCRE Tomas Hoger (Nov 30)
  - Re: Heap Overflow in PCRE cve-assign (Dec 01)
    - Re: Re: Heap Overflow in PCRE Salvatore Bonaccorso (Dec 02)
    - Re: Heap Overflow in PCRE cve-assign (Dec 02)
    - Re: Re: Heap Overflow in PCRE Jakub Wilk (Dec 03)