mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-19 19:59:43 +00:00
Document PCRE heap overflow vulnerability in '(?|' situations
PR: 202209 Security: ff0acfb4-3efa-11e5-93ad-002590263bf5 Approved by: feld (mentor)
This commit is contained in:
parent
c7f82b1c6e
commit
39531e5b46
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=393854
@ -58,6 +58,40 @@ Notes:
|
||||
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="ff0acfb4-3efa-11e5-93ad-002590263bf5">
|
||||
<topic>pcre -- heap overflow vulnerability in '(?|' situations</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>pcre</name>
|
||||
<range><le>8.37_2</le></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Venustech ADLAB reports:</p>
|
||||
<blockquote cite="https://bugs.exim.org/show_bug.cgi?id=1667">
|
||||
<p>PCRE library is prone to a vulnerability which leads to Heap
|
||||
Overflow. During the compilation of a malformed regular expression,
|
||||
more data is written on the malloced block than the expected size
|
||||
output by compile_regex. Exploits with advanced Heap Fengshui
|
||||
techniques may allow an attacker to execute arbitrary code in the
|
||||
context of the user running the affected application.</p>
|
||||
<p>Latest version of PCRE is prone to a Heap Overflow vulnerability
|
||||
which could caused by the following regular expression.</p>
|
||||
<p>/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<freebsdpr>ports/202209</freebsdpr>
|
||||
<url>https://bugs.exim.org/show_bug.cgi?id=1667</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2015-08-05</discovery>
|
||||
<entry>2015-08-10</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="8eee06d4-c21d-4f07-a669-455151ff426f">
|
||||
<topic>mozilla -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
|
Loading…
Reference in New Issue
Block a user