Date: Sun, 3 Jan 2016 06:08:35 +0800
From: Guanxing Wen <wengx522@...il.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Cc: "cve-assign@...re.org" <cve-assign@...re.org>
Subject: CVE Request: PCRE Library Heap Overflow Vulnerability

Hello MITRE,

PCRE is a regular expression C library inspired by the regular expression
capabilities in the Perl programming language. The PCRE library is
incorporated into a number of prominent programs, such as Adobe Flash,
Apache, Nginx, PHP, KDE/Konqueror.

The PCRE library is prone to a vulnerability which leads to Heap Overflow.
During the compilation of a malformed regular expression, more data is
written on the malloced block than the expected size output by
compile_regex. Carefully crafted may lead to code execution in the context
of affected applications.

Reference:
https://bugs.exim.org/show_bug.cgi?id=1767

Please allocate a CVE-ID for this.

Wen Guanxing from Venustech ADLAB
