Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 26 Mar 2016 08:25:55 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: CVE Assignments MITRE <cve-assign@...re.org>
Subject: CVE Request: pcre: Segmentation fault on certain input to regular
 expressions with nested alternatives when JIT is used

Hi

In Debian the following issue was reported (test case contained)

https://bugs.debian.org/819050


On certain input when processed for regular expressions with nested
alternatives and JIT is used, pcre3 can segfault, affecting in this
case suricata leading to at least a denial of service.

The problem was addressed upstream with commit:
http://vcs.pcre.org/pcre?view=revision&revision=1475

Can you assign a CVE for this issue?

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.