Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Jul 2017 10:03:01 +0800
From: "ben" <qbenjin@...com>
To: "oss-security" <oss-security@...ts.openwall.com>
Cc: "huangyonggang" <huangyonggang@...60.cn>
Subject: Re:  [scr358145] pcre-8.41 - 8.41

> [Suggested description]
> In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c
> allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
> 
> ------------------------------------------
> 
> [Additional Information]
> This vulns like CVE-2017-9729.
> it is about line 2061 (from the https://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?revision=1683&view=markup page) of pcre_exec.c:
> 
> RMATCH(eptr, prev, offset_top, md, eptrb, RM13);
> 
> this recursive calls case Segmentation fault ,because of stack exhaustion.
> 
> 
>  The poc code like: 
> 
>  if(regcomp (&regtmp,"\x28\x61\x2A\x5C\x56\x2A\x5C\x43\x2B\x29\x2A\x6F\xE5\xA2\x80", REG_UTF8 )==0)
>   {  
>    regmatch_t pmatch[1];
>    regexec(&regtmp, "\x6C\x6F\xE5\xA2\x80\x2D ",1, pmatch, 0);
>    regfree(&regtmp);
>  }
> with configure --enable-utf
> 
> ------------------------------------------
> 
> [VulnerabilityType Other]
> stack exhaustion
> 
> ------------------------------------------
> 
> [Vendor of Product]
> http://www.pcre.org/
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> pcre-8.41 - 8.41
> 
> ------------------------------------------
> 
> [Affected Component]
> pcre_exec.c
> 
> ------------------------------------------
> 
> [Attack Type]
> Remote
> 
> ------------------------------------------
> 
> [Impact Denial of Service]
> true
> 
> ------------------------------------------
> 
> [Attack Vectors]
> many methods!   many program use pcre,  like: php and nginx ,please see: https://en.wikipedia.org/wiki/Comparison_of_regular_expression_engines
> 
> ------------------------------------------
> 
> [Reference]
> https://en.wikipedia.org/wiki/Comparison_of_regular_expression_engines
> http://www.pcre.org/
> 
> ------------------------------------------
> 
> [Discoverer]
> Benjin Liu, codesafe of qihoo 360 ,http://codesafe.cn

Use CVE-2017-11164.


- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJZY7EfAAoJEHb/MwWLVhi2wBIP/jIMwxZB892scrm393PA4zM3
adhV1TQ2tkpG4ALp4zC0MhHFfVr11LuWlSxsgu/OGHBTPLYldbK+hhVOtaV7EqSB
+vrvAKEepOJKLB71AR4XpixzedQnP0+SOAgYvnpVI3LW/Yb2j2yZhhTbzh6H+5Zy
Z75mpeDH7HibIkTgFMlAJ6d/3VsN7Xmadc9YzZ7m+NvdU/r3pg+/dxQHd1zwrMPl
3V/IBVpAq0XiHUy470mruV7EUWAdB8rWIoN1AAxN61aiCrp0xZ/MIEXOqQPyswhd
bO7jrJgeCUbovhi/PZMINX67zgTVt+yOfnpgwr5wLFoTXjzES1N1sdNWruGSN/VY
SrGimn286l/bYaDCr5nY4o6W+RALuIMw/gJL6VBuJFcQ9aNpG9GH3JdT154TZwDt
HM3LHX8tGPULeVLRFn77rdmaoaWUaEYvvBb6UvwQyTn81lx6TNCu3nVULCxNnkpp
EVypMZo4SJ8nxJjfA+Ccvy1ZJimMAkb5mZvu+dVT95sN827HvYAVyvxQx1a7aeku
euBjypn84Jx+tj9q4Hgkto8qwmJGar1dWab8/qh8YH1KLpfXgIoNMlUcSWjvdB53
QPv2btH48/aHnZ5Gp+0D7CxWxUtP2FoSzghlINjakJ1/zXGhGgqJoRnF9BjZ/uTG
yuPbKM/5rrPKj9Q9Gc/t
=rH9J
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.