Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 24 Aug 2015 09:36:52 +0800
From: Guanxing Wen <>
Subject: CVE Request: PCRE Library Heap Overflow in compile_regex()


PCRE library is prone to a vulnerability which leads to Heap Overflow.
During the compilation of a malformed regular expression, more data is
written on the malloced block than the expected size output by
The Heap Overflow vulnerability is caused by the following regular


A dry run of this particular regular expression with pcretest will reports
"double free or corruption (!prev)".
But it is actually a heap overflow problem.
The overflow only affects pcre 8.x branch, pcre2 branch is not affected.

This is a different issue from


Please allocate a CVE-ID for this.


Wen Guanxing from Venustech ADLAB

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ