https://bugs.exim.org/show_bug.cgi?id=2079
Bug ID: 2079 Summary: heapb based buffer overflow write in pcre2_get_error_message_32 Product: PCRE Version: 10.23 (PCRE2) Hardware: x86-64 OS: Linux Status: NEW Severity: security Priority: medium Component: Code Assignee: p...@hermes.cam.ac.uk Reporter: a...@gentoo.org CC: pcre-dev@exim.org Created attachment 1007 --> https://bugs.exim.org/attachment.cgi?id=1007&action=edit stacktrace Hello, I found an heap overflow write through fuzzing. It was tested on version 10.23, compiled with clang-3.9.1 Output, included stacktrace in attachment. Command to reproduce: # pcretest -d -i -32 $FILE Reproducer: https://github.com/asarubbo/poc/blob/master/00220-pcre2-heapoverflow-pcre2_get_error_message_32 ( I know that is preferable attach reproducer here, but this link won't expire in the future ) If someone think that it will expire, feel free to download it and reattach it here. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/pcre-dev