https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Bug ID: 1311503
Summary: pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: [email protected]
Reporter: [email protected]
ZDI reported a stack-based buffer overflow in pcre and pcre2. The ZDI-CAN-3542 id
is used to identify the issue.
https://bugs.exim.org/show_bug.cgi?id=1791
PCRE does not validate that handling the (*ACCEPT) verb will occur within
the bounds of the cworkspace stack buffer, leading to a stack buffer
overflow.
Fixed upstream in pcre and pcre2 via the following commits:
http://vcs.pcre.org/pcre?view=revision&revision=1631
http://vcs.pcre.org/pcre2?view=revision&revision=489
Issue is triggered by the following pattern:
/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
PCRE 8.00 seems to be the first affected version.
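A pre-compile screen for the condition this report describes, for applications that accept untrusted patterns while still linked against an unpatched PCRE. This is an added example, not code from the bug report or from PCRE: the function names and the `max_open` limit are hypothetical, and the count is a conservative over-estimate of the nesting at `(*ACCEPT)`.

```c
#include <string.h>

/* Returns the largest number of still-open parentheses seen at any
 * (*ACCEPT) verb in pat, or -1 if the verb does not occur.
 * Conservative: counts every open group, capturing or not, and does not
 * treat \Q...\E or extended-mode (#) comments specially. */
int accept_max_open_parens(const char *pat)
{
    int depth = 0, worst = -1, in_class = 0;
    size_t i = 0, n = strlen(pat);

    while (i < n) {
        char c = pat[i];
        if (c == '\\') {                        /* escaped char is never structural */
            i += (i + 1 < n) ? 2 : 1;
        } else if (in_class) {                  /* parentheses in [...] are literals */
            if (c == ']') in_class = 0;
            i++;
        } else if (c == '[') {
            in_class = 1;
            i++;
            if (i < n && pat[i] == '^') i++;
            if (i < n && pat[i] == ']') i++;    /* a leading ] is a literal */
        } else if (c == '(' && i + 1 < n && pat[i + 1] == '*') {
            /* backtracking verb: record nesting if it is ACCEPT, then skip it */
            if (strncmp(pat + i, "(*ACCEPT", 8) == 0 && depth > worst)
                worst = depth;
            while (i < n && pat[i] != ')') i++;
            if (i < n) i++;
        } else if (c == '(' && strncmp(pat + i, "(?#", 3) == 0) {
            while (i < n && pat[i] != ')') i++; /* inline comment */
            if (i < n) i++;
        } else {
            if (c == '(') depth++;
            else if (c == ')' && depth > 0) depth--;
            i++;
        }
    }
    return worst;
}

/* Policy gate to run before handing an untrusted pattern to the compiler.
 * max_open is a caller-chosen limit (assumption), not a value from the report. */
int pattern_allowed(const char *pat, int max_open)
{
    return accept_max_open_parens(pat) <= max_open;
}
```

A screen like this is a stopgap for hosts that cannot yet take the upstream fixes referenced above; it does not replace updating the library.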