Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 24 Mar 2017 10:50:19 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c)

On Monday 20 March 2017 10:28:08 Agostino Sarubbo wrote:
> Permalink:
> https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overf
> low-write-in-pcre32_copy_substring-pcre_get-c


> WRITE of size 4 at 0x7f58f32026a0 thread T0
>     #0 0x7f58f6f90a23 in pcre32_copy_substring
> /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:358:15
This is CVE-2017-7245


> WRITE of size 268 at 0x7f83734026a0 thread T0
> #1 0x7f8377118925 in
> pcre32_copy_substring
> /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:357:1
This is CVE-2017-7246


-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.