Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 24 Mar 2017 10:50:19 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c)

On Monday 20 March 2017 10:28:08 Agostino Sarubbo wrote:
> Permalink:
> https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overf
> low-write-in-pcre32_copy_substring-pcre_get-c


> WRITE of size 4 at 0x7f58f32026a0 thread T0
>     #0 0x7f58f6f90a23 in pcre32_copy_substring
> /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:358:15
This is CVE-2017-7245


> WRITE of size 268 at 0x7f83734026a0 thread T0
> #1 0x7f8377118925 in
> pcre32_copy_substring
> /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:357:1
This is CVE-2017-7246


-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ