Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 11 Jul 2017 08:43:18 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: ben <qbenjin@...com>, huangyonggang <huangyonggang@...60.cn>
Subject: Re: Re:  [scr358145] pcre-8.41 - 8.41

On Tuesday 11 July 2017 10:03:01 ben wrote:
> > In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c
> > allows stack exhaustion (uncontrolled recursion) when processing a crafted
> > regular expression.>
> > 
> >
> > ------------------------------------------
> >
> > 
> >
> > [Additional Information]
> > This vulns like CVE-2017-9729.
> > it is about line 2061 (from the
> > https://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?revision=1683&view=marku
> > p page) of pcre_exec.c:

Hi, is there an upstream bug report for that?

I'm asking because time ago I reported something like that, which was 
considered expected:
https://bugs.exim.org/show_bug.cgi?id=2047
https://bugs.exim.org/show_bug.cgi?id=2048

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ