https://bugzilla.redhat.com/show_bug.cgi?id=1433985
Bug ID: 1433985
Summary: CVE-2016-10253 erlang: Heap-buffer overflow via
regular expressions
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: ane...@redhat.com
CC: aort...@redhat.com, ape...@redhat.com,
ayo...@redhat.com, chr...@redhat.com,
cvsbot-xml...@redhat.com,
erlang@lists.fedoraproject.org, jecke...@redhat.com,
jjo...@redhat.com, jschl...@redhat.com,
kba...@redhat.com, lemen...@gmail.com, l...@redhat.com,
lp...@redhat.com, mar...@redhat.com,
pleme...@redhat.com, rbry...@redhat.com,
rhb...@n-dimensional.de, rjo...@redhat.com,
scle...@redhat.com, s...@shk.io, tdeca...@redhat.com
An issue was discovered in Erlang/OTP Erlang's generation of compiled regular
expressions is vulnerable to a heap overflow. Regular expressions using a
malformed extpattern can indirectly specify an offset that is used as an array
index. This ordinal permits arbitrary regions within the erts_alloc arena to be
both read and written to.
References:
https://github.com/erlang/otp/pull/1108
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
erlang mailing list -- erlang@lists.fedoraproject.org
To unsubscribe send an email to erlang-le...@lists.fedoraproject.org
