*** This bug is a security vulnerability ***

Public security bug reported:

Reported upstream at https://bugs.exim.org/show_bug.cgi?id=2330 -
libpcre3 can be made to crash when matching the pattern \s*= when the
context is n\xff=

Able to reproduce on current Bionic using the PoC attached (which is
copied directly from the upstream bug report) - in a fresh Bionic VM:

$ sudo apt install build-essential libgtk2.0-dev
$ cd PCRE_PoC
$ ./compilePoC.sh
$ ./PoC 
Content:
-------------------
n�=
-------------------
Pattern:
-------------------
\s*=
---------------------
Segmentation fault (core dumped)

Haven't yet tested the second PoC via an external disk autorun.inf and
gvfs-udisks2-volume-monitor.

Also haven't tested in Cosmic / older releases.

** Affects: pcre3 (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Attachment added: "PoC from upstream bug report"
   https://bugs.launchpad.net/bugs/1798725/+attachment/5202814/+files/PoC_pcre_gnome.zip

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcre3 in Ubuntu.
https://bugs.launchpad.net/bugs/1798725

Title:
  Content "n\xff=" can crash libpcre when an application is matching the
  pattern \s*=

Status in pcre3 package in Ubuntu:
  Confirmed
