oss-sec mailing list archives

CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used

From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 26 Mar 2016 08:25:55 +0100

Hi

In Debian the following issue was reported (test case contained)

https://bugs.debian.org/819050


On certain input when processed for regular expressions with nested
alternatives and JIT is used, pcre3 can segfault, affecting in this
case suricata leading to at least a denial of service.

The problem was addressed upstream with commit:
http://vcs.pcre.org/pcre?view=revision&revision=1475

Can you assign a CVE for this issue?

Regards,
Salvatore

Current thread:

CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used Salvatore Bonaccorso (Mar 26)
- Re: CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used Salvatore Bonaccorso (Mar 27)
  - Re: CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used cve-assign (Mar 28)