https://bugzilla.redhat.com/show_bug.cgi?id=1433985
Bug ID: 1433985
Summary: CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: ane...@redhat.com
CC: aort...@redhat.com, ape...@redhat.com, ayo...@redhat.com, chr...@redhat.com, cvsbot-xml...@redhat.com, erlang@lists.fedoraproject.org, jecke...@redhat.com, jjo...@redhat.com, jschl...@redhat.com, kba...@redhat.com, lemen...@gmail.com, l...@redhat.com, lp...@redhat.com, mar...@redhat.com, pleme...@redhat.com, rbry...@redhat.com, rhb...@n-dimensional.de, rjo...@redhat.com, scle...@redhat.com, s...@shk.io, tdeca...@redhat.com

An issue was discovered in Erlang/OTP. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.

References:
https://github.com/erlang/otp/pull/1108