https://bugs.exim.org/show_bug.cgi?id=393
--- Comment #8 from Andrey V. Malyshev <a...@krasn.ru> ---
How does this relate to the issue discussed here?

(In reply to rapepav820 from comment #7)
> (In reply to Pihuram from comment #6)
> > The latest version of PCRE (pcre2-10.34-RC1, pcre2-10.33) is prone to a stack
> > overflow vulnerability in internal_dfa_match() (pcre2_dfa_match.c) which can be
> > triggered using a crafted regular expression. Upon execution of the crafted
> > regular expression, the function internal_dfa_match() calls itself recursively,
> > resulting in uncontrolled recursion. It exceeds the stack size limit (8 MB),
> > finally resulting in stack exhaustion. An attacker can potentially exploit
> > this issue to perform a remote code execution or denial of service attack.
> >
> > =====================
> > Output of ASAN-compiled library (-fsanitize=address)
> >
> > Run as: ./pcre2test sbovf-input (attached herewith)
> > --------------------
> > ASAN:DEADLYSIGNAL
> > ==17245==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7feff8 (pc 0x5555555afcc7 bp 0x7fffff7ff4b0 sp 0x7fffff7fefe0 T0)
> >     #0 0x5555555afcc6 in internal_dfa_match src/pcre2_dfa_match.c:2859
> >     #1 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #2 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #3 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #4 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #5 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #6 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #7 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #8 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #9 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #10 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     ...
> >     <skipped>
> >     ...
> >     #240 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #241 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #242 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #243 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #244 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #245 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #246 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #247 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #248 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #249 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >     #250 0x5555555b4020 in internal_dfa_match src/pcre2_dfa_match.c:2871
> >
> > SUMMARY: AddressSanitizer: stack-overflow src/pcre2_dfa_match.c:2859 in internal_dfa_match
> > ==17245==ABORTING
> >
> > ====================
> > With gdb
> > --------------------
> > $ gdb ./pcre2test
> > (gdb) r sbovf-input
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00005555555aaab4 in internal_dfa_match (mb=mb@entry=0x7fffffff5800,
> >     this_start_code=this_start_code@entry=0x611000000acf "\210",
> >     current_subject=current_subject@entry=0x629000002eb1 '\200' <repeats 200 times>...,
> >     start_offset=start_offset@entry=6522, offsets=offsets@entry=0x7fffec780030,
> >     offsetcount=offsetcount@entry=1000, workspace=0x7fffec781f70, wscount=1000,
> >     rlevel=6522, RWS=0x7fffeb8c5800) at src/pcre2_dfa_match.c:533

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev