oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c)

From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 24 Mar 2017 10:50:19 +0100
On Monday 20 March 2017 10:28:08 Agostino Sarubbo wrote:

Permalink:
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overf
low-write-in-pcre32_copy_substring-pcre_get-c




WRITE of size 4 at 0x7f58f32026a0 thread T0
    #0 0x7f58f6f90a23 in pcre32_copy_substring
/tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:358:15

This is CVE-2017-7245



WRITE of size 268 at 0x7f83734026a0 thread T0
#1 0x7f8377118925 in
pcre32_copy_substring
/tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:357:1

This is CVE-2017-7246


-- 
Agostino Sarubbo
Gentoo Linux Developer
Previous By Date Next
Previous By Thread Next

Current thread: