Date: Wed, 19 Aug 2015 11:28:38 +0800
From: Guanxing Wen <>
Subject: Re: CVE Request: PCRE Library Heap Overflow Vulnerability

Hi Mitre,
Just a re-ping on this issue.

It has been fixed:

Also, the description for the issue is listed in the changelog:

Wen Guanxing from Venustech ADLAB

2015-08-06 0:55 GMT+08:00 Guanxing Wen <>:

> PCRE is a regular expression C library inspired by the regular expression
> capabilities in the Perl programming language. The PCRE library is
> incorporated into a number of prominent programs, such as Adobe Flash,
> Apache, Nginx, PHP.
> PCRE library is prone to a vulnerability which leads to Heap Overflow.
> During the compilation of a malformed regular expression, more data is
> written on the malloced block than the expected size output by
> compile_regex. Exploits with advanced Heap Fengshui techniques may allow an
> attacker to execute arbitrary code in the context of the user running the
> affected application.
> Reference:
> Could you assign a CVE-ID for this?
> Thank you && Regards.
> Wen Guanxing from Venustech ADLAB
