oss-sec mailing list archives
Re: libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c)
From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 24 Mar 2017 10:50:19 +0100
On Monday 20 March 2017 10:28:08 Agostino Sarubbo wrote:
Permalink: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overf low-write-in-pcre32_copy_substring-pcre_get-c
WRITE of size 4 at 0x7f58f32026a0 thread T0 #0 0x7f58f6f90a23 in pcre32_copy_substring /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:358:15
This is CVE-2017-7245
WRITE of size 268 at 0x7f83734026a0 thread T0 #1 0x7f8377118925 in pcre32_copy_substring /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:357:1
This is CVE-2017-7246 -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c) Agostino Sarubbo (Mar 20)
- Re: libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c) Agostino Sarubbo (Mar 24)