oss-sec mailing list archives

Re: Re: [scr358145] pcre-8.41 - 8.41


From: Agostino Sarubbo <ago () gentoo org>
Date: Tue, 11 Jul 2017 08:43:18 +0200

On Tuesday 11 July 2017 10:03:01 ben wrote:
> In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c
> allows stack exhaustion (uncontrolled recursion) when processing a crafted
> regular expression.
>
> ------------------------------------------
>
> [Additional Information]
> This vuln is like CVE-2017-9729.
> It is about line 2061 (from the
> https://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?revision=1683&view=markup
> page) of pcre_exec.c:

Hi, is there an upstream bug report for that?

I'm asking because some time ago I reported something like that, which was
considered expected:
https://bugs.exim.org/show_bug.cgi?id=2047
https://bugs.exim.org/show_bug.cgi?id=2048

-- 
Agostino Sarubbo
Gentoo Linux Developer

