Date: Sun, 31 May 2015 21:45:16 +0800
From: "wen_guanxing" <wen_guanxing@...ustech.com.cn>
To: "oss-security" <oss-security@...ts.openwall.com>
Subject: CVE Request:PCRE Call Stack Overflow Vulnerability

Hello,

PCRE is a regular expression C library inspired by the regular expression capabilities in the Perl programming language. The PCRE library is incorporated into a number of prominent programs, such as Adobe Flash, Apache, Nginx and PHP.

The PCRE library is prone to a vulnerability which leads to Stack Overflow. Without enough bound checking inside compile_regex(), the stack memory could be overflowed via a crafted regular expression. Since the PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to DoS the user running the affected application.

Info & fixed: https://bugs.exim.org/show_bug.cgi?id=1515

Could a CVE please be assigned to this issue?

Thanks,
Wen Guanxing
From Venustech ADLAB