https://bugs.exim.org/show_bug.cgi?id=2293

            Bug ID: 2293
           Summary: Dos attack via control regex
           Product: PCRE
           Version: 10.31 (PCRE2)
          Hardware: x86-64
                OS: All
            Status: NEW
          Severity: security
          Priority: medium
         Component: Code
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]

Created attachment 1092
  --> https://bugs.exim.org/attachment.cgi?id=1092&action=edit
poc

A regex like `(?:(?!BB).)*` would crash the maintain software. Libpcre calls
the `match` function recursively while matching the regex and finally runs out
of stack memory.

If an attacker controls the regex, he can easily make the program terminate. And
attackers can construct illegal data to DoS attack a program which contains a
regex like it.

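The failure mode described in the report, and the depth cap that turns it into a clean error, as an added example that is not part of the original report and is not libpcre code. It is a toy matcher hard-wired to the reported pattern, anchored at offset 0; `run_match`, `match_star`, `ERR_DEPTH_LIMIT` and the sample subject are names and values constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ERR_DEPTH_LIMIT (-1L)  /* constructed error code, not a PCRE constant */

struct match_ctx {
    const char *subject;
    size_t len, depth_limit, max_depth;  /* depth_limit 0 = no limit */
};

/* (?!BB): succeeds when the two bytes at pos are not "BB". */
static int lookahead_not_bb(const struct match_ctx *c, size_t pos)
{
    return !(pos + 1 < c->len &&
             c->subject[pos] == 'B' && c->subject[pos + 1] == 'B');
}

/* One nested call per iteration of (?:(?!BB).)*, so nesting depth grows
 * with the subject length. Returns the match end offset or ERR_DEPTH_LIMIT. */
static long match_star(struct match_ctx *c, size_t pos, size_t depth)
{
    if (c->depth_limit != 0 && depth > c->depth_limit)
        return ERR_DEPTH_LIMIT;  /* fail cleanly instead of exhausting the stack */
    if (depth > c->max_depth)
        c->max_depth = depth;
    /* Group body: lookahead, then '.' (any byte except newline). */
    if (pos < c->len && c->subject[pos] != '\n' && lookahead_not_bb(c, pos))
        return match_star(c, pos + 1, depth + 1);  /* greedy: iterate again */
    return (long)pos;  /* the star stops here; nothing follows it */
}

/* Anchored match at offset 0; max_depth must point to valid storage. */
long run_match(const char *subject, size_t len, size_t depth_limit,
               size_t *max_depth)
{
    struct match_ctx c = { subject, len, depth_limit, 0 };
    long end = match_star(&c, 0, 0);
    *max_depth = c.max_depth;
    return end;
}

int main(void)
{
    const char *s = "aaaaBBcc";  /* constructed sample subject */
    size_t d = 0;
    long end = run_match(s, strlen(s), 0, &d);
    printf("end=%ld depth=%zu\n", end, d);
    return 0;
}
```

In PCRE2 itself the corresponding controls are set on a match context with `pcre2_set_depth_limit()` and `pcre2_set_match_limit()`, which make `pcre2_match()` return an error once the limit is hit.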