VuXML ID | Description |
6900e6f1-4a79-11e5-9ad8-14dae9d210b8 | pcre -- heap overflow vulnerability
Guanxing Wen reports:
PCRE library is prone to a vulnerability which leads to
Heap Overflow.
During the compilation of a malformed regular expression, more data is
written on the malloced block than the expected size output by
compile_regex().
The Heap Overflow vulnerability is caused by the following regular
expression.
/(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/
A dry run of this particular regular expression with pcretest will
report "double free or corruption (!prev)".
But it is actually a heap overflow problem.
The overflow only affects the pcre 8.x branch; the pcre2 branch is not affected.
Discovery 2015-08-21 Entry 2015-08-24
pcre < 8.37_4
http://seclists.org/oss-sec/2015/q3/295
https://bugs.exim.org/show_bug.cgi?id=1672
|
ff0acfb4-3efa-11e5-93ad-002590263bf5 | pcre -- heap overflow vulnerability in '(?|' situations
Venustech ADLAB reports:
PCRE library is prone to a vulnerability which leads to Heap
Overflow. During the compilation of a malformed regular expression,
more data is written on the malloced block than the expected size
output by compile_regex. Exploits with advanced heap feng shui
techniques may allow an attacker to execute arbitrary code in the
context of the user running the affected application.
The latest version of PCRE is prone to a Heap Overflow vulnerability
which can be caused by the following regular expression.
/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/
Discovery 2015-08-05 Entry 2015-08-10
pcre <= 8.37_2
ports/202209
https://bugs.exim.org/show_bug.cgi?id=1667
|
8a1d0e63-1e07-11e5-b43d-002590263bf5 | pcre -- Heap Overflow Vulnerability in find_fixedlength()
Venustech ADLAB reports:
PCRE library is prone to a vulnerability which leads to Heap
Overflow. During subpattern calculation of a malformed regular
expression, an offset that is used as an array index is fully
controlled and can be large enough so that unexpected heap
memory regions are accessed.
One could at least exploit this issue to read nearby objects in
the affected application's memory.
Such information disclosure may also be used to bypass memory
protection methods such as ASLR.
Discovery 2015-06-23 Entry 2015-06-29
pcre <= 8.37_1
CVE-2015-5073
https://bugs.exim.org/show_bug.cgi?id=1651
http://vcs.pcre.org/pcre?view=revision&revision=1571
http://www.openwall.com/lists/oss-security/2015/06/26/1
|
4a88e3ed-00d3-11e5-a072-d050996490d0 | pcre -- multiple vulnerabilities
PCRE development team reports:
A pattern such as "((?2){0,1999}())?", which has a group
containing a forward reference repeated a large (but limited)
number of times within a repeated outer group that has a zero
minimum quantifier, caused incorrect code to be compiled,
leading to the error "internal error: previously-checked
referenced subpattern not found" when an incorrect memory
address was read. This bug was reported as "heap overflow",
discovered by Kai Lu of Fortinet's FortiGuard Labs and given
the CVE number CVE-2015-2325.
A pattern such as "((?+1)(\1))/" containing a forward
reference subroutine call within a group that also contained
a recursive back reference caused incorrect code to be
compiled. This bug was reported as "heap overflow",
discovered by Kai Lu of Fortinet's FortiGuard Labs,
and given the CVE number CVE-2015-2326.
Discovery 2015-04-28 Entry 2015-05-22 Modified 2015-06-07
pcre < 8.37
CVE-2015-2325
CVE-2015-2326
http://www.pcre.org/original/changelog.txt
|
7033b42d-ef09-11e5-b766-14dae9d210b8 | pcre -- stack buffer overflow
Philip Hazel reports:
PCRE does not validate that handling the (*ACCEPT) verb
will occur within the bounds of the cworkspace stack buffer, leading to
a stack buffer overflow.
Discovery 2016-02-09 Entry 2016-03-21 Modified 2016-03-21
pcre < 8.38
pcre2 < 10.20_1
https://bugs.exim.org/show_bug.cgi?id=1791
CVE-2016-3191
|
497b82e0-f9a0-11e5-92ce-002590263bf5 | pcre -- heap overflow vulnerability
Mitre reports:
The pcre_compile2 function in pcre_compile.c in PCRE 8.38
mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/
pattern and related patterns with named subgroups, which allows
remote attackers to cause a denial of service (heap-based buffer
overflow) or possibly have unspecified other impact via a crafted
regular expression, as demonstrated by a JavaScript RegExp object
encountered by Konqueror.
Discovery 2016-02-27 Entry 2016-04-03
pcre < 8.38_1
CVE-2016-1283
ports/208260
https://bugs.exim.org/show_bug.cgi?id=1767
|
e69af246-0ae2-11e5-90e4-d050996490d0 | pcre -- multiple vulnerabilities
Venustech ADLAB reports:
PCRE library is prone to a vulnerability which leads
to Heap Overflow. During the compilation of a malformed
regular expression, more data is written on the malloced
block than the expected size output by compile_regex.
PCRE library is prone to a vulnerability which leads to
Stack Overflow. Without enough bound checking inside
match(), the stack memory could be overflowed via a
crafted regular expression.
Discovery 2015-05-29 Entry 2015-06-04 Modified 2015-06-07
pcre < 8.37_1
CVE-2015-3210
CVE-2015-3217
https://bugs.exim.org/show_bug.cgi?id=1636
https://bugs.exim.org/show_bug.cgi?id=1638
|
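The entries above give two things a practitioner can act on: the affected port version ranges in FreeBSD notation (where `_N` is the PORTREVISION), and, for five of the seven entries, the exact pattern that triggers the bug at compile time. The script below is an added example, not code from VuXML, PCRE or any of the reporters. It matches an installed `pcre`/`pcre2` port version against those ranges (a simplified ordering that assumes purely numeric versions, which is all this page needs) and, if a `pcretest` binary is on PATH, feeds it each quoted pattern as the compile-only "dry run" the reports describe, one process per pattern so one crash cannot hide another. The binary name `pcretest`, the `Failed:` prefix on its compile errors and the `AddressSanitizer` marker are assumptions about the environment; the pattern for CVE-2016-1283 is copied verbatim from the MITRE text above, including its `\"`.

```python
"""Audit helper for the PCRE VuXML entries on this page. Added example;
not code from VuXML, PCRE or the reporters quoted above."""
import re
import shutil
import subprocess
from typing import Optional

# Affected ranges exactly as the entries state them:
# (VuXML ID, package, operator, bound in FreeBSD port notation).
VUXML_RANGES = [
    ("6900e6f1-4a79-11e5-9ad8-14dae9d210b8", "pcre", "<", "8.37_4"),
    ("ff0acfb4-3efa-11e5-93ad-002590263bf5", "pcre", "<=", "8.37_2"),
    ("8a1d0e63-1e07-11e5-b43d-002590263bf5", "pcre", "<=", "8.37_1"),
    ("4a88e3ed-00d3-11e5-a072-d050996490d0", "pcre", "<", "8.37"),
    ("7033b42d-ef09-11e5-b766-14dae9d210b8", "pcre", "<", "8.38"),
    ("7033b42d-ef09-11e5-b766-14dae9d210b8", "pcre2", "<", "10.20_1"),
    ("497b82e0-f9a0-11e5-92ce-002590263bf5", "pcre", "<", "8.38_1"),
    ("e69af246-0ae2-11e5-90e4-d050996490d0", "pcre", "<", "8.37_1"),
]

# Compile-time triggers quoted in the entries, without the / delimiters the
# reports wrap them in. CVE-2015-5073, CVE-2015-3210/3217 and CVE-2016-3191
# quote no pattern, so they have no trigger here.
TRIGGER_PATTERNS = {
    "6900e6f1 (heap overflow)":
        r"""(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))""",
    "ff0acfb4 (heap overflow in '(?|')":
        r"""(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))""",
    "4a88e3ed (CVE-2015-2325)": r"((?2){0,1999}())?",
    "4a88e3ed (CVE-2015-2326)": r"((?+1)(\1))",
    "497b82e0 (CVE-2016-1283, verbatim from the MITRE text)":
        r"""((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))""",
}


def parse_port_version(version: str) -> tuple:
    """'8.37_4' -> (0, (8, 37), 4): PORTEPOCH (',N'), numeric components,
    PORTREVISION ('_N'). Simplified ordering; assumes numeric versions."""
    epoch = revision = 0
    if "," in version:
        version, epoch_str = version.split(",", 1)
        epoch = int(epoch_str)
    if "_" in version:
        version, revision_str = version.split("_", 1)
        revision = int(revision_str)
    return (epoch, tuple(int(n) for n in re.findall(r"\d+", version)), revision)


OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b}


def matching_entries(pkg: str, version: str) -> list:
    """VuXML IDs (in page order, deduplicated) whose range covers pkg-version."""
    installed = parse_port_version(version)
    hits = []
    for vid, p, op, bound in VUXML_RANGES:
        if p == pkg and vid not in hits and OPS[op](installed, parse_port_version(bound)):
            hits.append(vid)
    return hits


def pcretest_script(patterns) -> str:
    """pcretest stdin: pattern in / delimiters, then an empty line, so the
    pattern is compiled but never matched. Assumes no pattern contains '/'."""
    return "".join(f"/{p}/\n\n" for p in patterns)


def run_pcretest(patterns: dict, binary: str = "pcretest",
                 timeout: float = 10.0) -> Optional[dict]:
    """One pcretest process per pattern. None if the binary is absent.
    A negative return code is death by signal (e.g. SIGABRT from the
    allocator's "double free or corruption" check); ASan builds report
    on stderr and exit non-zero instead."""
    path = shutil.which(binary)
    if path is None:
        return None
    outcomes = {}
    for label, pattern in patterns.items():
        try:
            proc = subprocess.run([path], input=pcretest_script([pattern]),
                                  capture_output=True, text=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            outcomes[label] = "timeout"
            continue
        if proc.returncode < 0:
            outcomes[label] = f"crashed: signal {-proc.returncode}"
        elif "AddressSanitizer" in proc.stderr:
            outcomes[label] = "crashed: AddressSanitizer report on stderr"
        elif "Failed:" in proc.stdout:
            outcomes[label] = "rejected at compile time (fixed build)"
        else:
            outcomes[label] = "compiled without complaint"
    return outcomes


if __name__ == "__main__":
    import sys
    pkg, ver = sys.argv[1:3] if len(sys.argv) == 3 else ("pcre", "8.37_2")
    print(f"{pkg}-{ver} matches:", matching_entries(pkg, ver) or "no entry")
    results = run_pcretest(TRIGGER_PATTERNS)
    if results is None:
        print("pcretest not on PATH; skipping compile checks")
    else:
        for label, outcome in results.items():
            print(f"{label}: {outcome}")
```

Run it as `python3 pcre_audit.py pcre 8.37_2` on the host in question; a crash outcome on a pattern whose entry also matches the version is the strongest signal, while "compiled without complaint" on an unfixed build means only that this allocator did not notice the corruption, so prefer an ASan-instrumented pcretest when one is available.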