Date: Sun, 31 May 2015 21:45:16 +0800
From: "wen_guanxing" <wen_guanxing@...ustech.com.cn>
To: "oss-security" <oss-security@...ts.openwall.com>
Subject: CVE Request:PCRE Call Stack Overflow Vulnerability

Hello,


PCRE is a regular expression C library inspired by the regular expression capabilities in the Perl programming language. The PCRE library is incorporated into a number of prominent programs, such as Adobe Flash, Apache, Nginx and PHP.


The PCRE library is prone to a vulnerability which leads to a stack overflow. Without enough bound checking inside compile_regex(), the stack memory could be overflowed via a crafted regular expression. Since the PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to DoS the user running the affected application.


Info & fixed:
https://bugs.exim.org/show_bug.cgi?id=1515


Could a CVE please be assigned to this issue?


Thanks,


Wen Guanxing
From Venustech ADLAB
