FreeBSD Bugzilla – Attachment 158148 Details for
Bug 201188
devel/pcre: Heap Overflow Vulnerability in find_fixedlength (CVE-2015-5073)
[patch]
security/vuxml entry for pcre CVE-2015-5073
pcre-vuxml.diff (text/plain), 1.77 KB, created by
Jason Unovitch
on 2015-06-29 03:32:19 UTC
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 390877) >+++ vuln.xml (working copy) >@@ -57,6 +57,42 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="8a1d0e63-1e07-11e5-b43d-002590263bf5"> >+ <topic>pcre -- Heap Overflow Vulnerability in find_fixedlength()</topic> >+ <affects> >+ <package> >+ <name>pcre</name> >+ <range><lt>8.37_2</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Venustech ADLAB reports:</p> >+ <blockquote cite="https://bugs.exim.org/show_bug.cgi?id=1651"> >+ <p>PCRE library is prone to a vulnerability which leads to Heap >+ Overflow. During subpattern calculation of a malformed regular >+ expression, an offset that is used as an array index is fully >+ controlled and can be large enough so that unexpected heap >+ memory regions are accessed.</p> >+ <p>One could at least exploit this issue to read objects nearby of >+ the affected application's memory.</p> >+ <p>Such information disclosure may also be used to bypass memory >+ protection method such as ASLR.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2015-5073</cvename> >+ <url>https://bugs.exim.org/show_bug.cgi?id=1651</url> >+ <url>http://vcs.pcre.org/pcre?view=revision&revision=1571</url> >+ <mlist>http://www.openwall.com/lists/oss-security/2015/06/26/1</mlist> >+ </references> >+ <dates> >+ <discovery>2015-06-23</discovery> >+ <entry>2015-06-29</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="acd5d037-1c33-11e5-be9c-6805ca1d3bb1"> > <topic>qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209)</topic> > <affects>
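Review bot: In the `<references>` block the pcre.org URL appears with a bare ampersand (`view=revision&revision=1571`); inside vuln.xml that character has to be written as `&amp;`, otherwise the file is not well-formed XML and `make validate` in security/vuxml will fail. If the raw attachment already carries `&amp;` and this is only how the page renders it, nothing needs to change there. Separately, `<range><lt>8.37_2</lt></range>` presumes the devel/pcre fix ships as 8.37_2, so the matching PORTREVISION bump should be committed together with this entry so that the range and the fixed package agree.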