FreeBSD Bugzilla – Attachment 159717 Details for Bug 202209: devel/pcre: Heap Overflow Vulnerability (CVE TBD)
[patch] security/vuxml for pcre <= 8.37_2
pcre_vuxml.diff (text/plain), 1.65 KB, created by Jason Unovitch on 2015-08-10 01:10:08 UTC
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 393831) >+++ vuln.xml (working copy) >@@ -58,6 +58,40 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="ff0acfb4-3efa-11e5-93ad-002590263bf5"> >+ <topic>pcre -- heap overflow vulnerability in '(?|' situations</topic> >+ <affects> >+ <package> >+ <name>pcre</name> >+ <range><le>8.37_2</le></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Venustech ADLAB reports:</p> >+ <blockquote cite="https://bugs.exim.org/show_bug.cgi?id=1667"> >+ <p>PCRE library is prone to a vulnerability which leads to Heap >+ Overflow. During the compilation of a malformed regular expression, >+ more data is written on the malloced block than the expected size >+ output by compile_regex. Exploits with advanced Heap Fengshui >+ techniques may allow an attacker to execute arbitrary code in the >+ context of the user running the affected application.</p> >+ <p>Latest version of PCRE is prone to a Heap Overflow vulnerability >+ which could caused by the following regular expression.</p> >+ <p>/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <freebsdpr>ports/202209</freebsdpr> >+ <url>https://bugs.exim.org/show_bug.cgi?id=1667</url> >+ </references> >+ <dates> >+ <discovery>2015-08-05</discovery> >+ <entry>2015-08-10</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="8eee06d4-c21d-4f07-a669-455151ff426f"> > <topic>mozilla -- multiple vulnerabilities</topic> > <affects>
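Review bot: the `<references>` block of the new `<vuln>` entry carries only `<freebsdpr>` and `<url>`, with no `<cvename>`. The PR title still reads "CVE TBD", so this needs a follow-up that adds `<cvename>` and a `<modified>` date under `<dates>` once an identifier is assigned; otherwise anything matching VuXML entries by CVE will not find this one. Separately, `<range><le>8.37_2</le></range>` pins the upper bound to the last known-vulnerable revision, which is only correct if the fix ships as the very next version bump. When the port update lands, consider restating the range as `<lt>` of the fixed version so the entry stays tied to the fix rather than to the vulnerable revision.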