https://bugs.exim.org/show_bug.cgi?id=2777
Mehmet gelisin <mehmetgeli...@aol.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mehmetgeli...@aol.com

--- Comment #2 from Mehmet gelisin <mehmetgeli...@aol.com> ---
I. Summary

PCRE is a regular expression C library inspired by the regular expression capabilities in the Perl programming language. The PCRE library is incorporated into a number of prominent programs, such as Adobe Flash, Apache, Nginx, PHP. The PCRE library is prone to a vulnerability which leads to a heap overflow. During the compilation of a malformed regular expression, more data is written to the malloced block than the expected size output by compile_regex. Exploits with advanced Heap Fengshui techniques may allow an attacker to execute arbitrary code in the context of the user running the affected application.

------------------------------------------------------------------
II. Description

The latest version of PCRE is prone to a heap overflow vulnerability which could be caused by the following regular expression.

/(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/

A dry run of this particular regular expression with pcretest will report "double free or corruption (!prev)". But it is actually a heap overflow problem. It is a similar problem as discussed.
The following test is conveyed with the svn updated version of pcre. Here is the memory layout of re (its size is 248) just before the second compile_regexp():
==============================================================
(gdb) x/256b 0x1f8a8a0
0x1f8a8a0: 0x45 0x52 0x43 0x50 0xf8 0x00 0x00 0x00
0x1f8a8a8: 0x00 0x00 0x00 0x00 0x00 0x04 0x00 0x00
0x1f8a8b0: 0xff 0xff 0xff 0xff 0xff 0xff 0xff 0xff
0x1f8a8b8: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x1f8a8c0: 0x00 0x00 0x40 0x00 0x04 0x00 0x05 0x00

-- 
You are receiving this mail because:
You are on the CC list for the bug.

-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev