Date: Fri, 24 Mar 2017 10:50:19 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: Re: libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c) On Monday 20 March 2017 10:28:08 Agostino Sarubbo wrote: > Permalink: > https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overf > low-write-in-pcre32_copy_substring-pcre_get-c > WRITE of size 4 at 0x7f58f32026a0 thread T0 > #0 0x7f58f6f90a23 in pcre32_copy_substring > /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:358:15 This is CVE-2017-7245 > WRITE of size 268 at 0x7f83734026a0 thread T0 > #1 0x7f8377118925 in > pcre32_copy_substring > /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_get.c:357:1 This is CVE-2017-7246 -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.