Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 31 May 2015 21:45:16 +0800
From: "wen_guanxing" <>
To: "oss-security" <>
Subject: CVE Request:PCRE Call Stack Overflow Vulnerability


PCRE is a regular expression C library inspired by the regular expression capabilities in the Perl programming language. The PCRE library is incorporated into a number of prominent programs, such as the Adobe Flash, Apache, Nginx and PHP. 

PCRE library is prone to a vulnerability which leads to Stack Overflow. Without enough bound checking inside compile_regex(), the stack memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to DOS the user running the affected application. 

Info & fixed:

Could a CVE please be assigned to this issue?


Wen Guanxing
From Venustech ADLAB

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ