[Bug 1312782] pcre: Heap buffer overflow in pcretest causing infinite loop (8.39/15)

Sun, 20 Mar 2016 04:22:04 -0700 

https://bugzilla.redhat.com/show_bug.cgi?id=1312782

Tomas Hoger <tho...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|medium                      |unspecified
             Status|NEW                         |CLOSED
   Fixed In Version|                            |pcre 8.39
         Resolution|---                         |NOTABUG
            Summary|pcre: Heap buffer overflow  |pcre: Heap buffer overflow
                   |in pcretest causing         |in pcretest causing
                   |infinite loop               |infinite loop (8.39/15)
         Whiteboard|impact=moderate,public=2016 |impact=none,public=20160114
                   |0114,reported=20160114,sour |,reported=20160114,source=r
                   |ce=redhat,cvss2=4.3/AV:N/AC |edhat,cwe=CWE-122,rhel-5/pc
                   |:M/Au:N/C:N/I:N/A:P,cwe=CWE |re=new,rhel-6/pcre=new,rhel
                   |-122,rhel-5/pcre=new,rhel-6 |-7/pcre=new,rhel-6/glib2=ne
                   |/pcre=new,rhel-7/pcre=new,r |w,rhel-7/glib2=new,rhel-7/v
                   |hel-6/glib2=new,rhel-7/glib |irtuoso-opensource=new,rhsc
                   |2=new,rhel-7/virtuoso-opens |l-2/php54-php=new,rhscl-2/p
                   |ource=new,rhscl-2/php54-php |hp55-php=new,rhscl-2/rh-php
                   |=new,rhscl-2/php55-php=new, |56-php=new,rhscl-2/rh-maria
                   |rhscl-2/rh-php56-php=new,rh |db100-mariadb=new,rhscl-2/r
                   |scl-2/rh-mariadb100-mariadb |h-mariadb101-mariadb=new,jb
                   |=new,rhscl-2/rh-mariadb101- |ews-1/httpd=new,jbews-2/htt
                   |mariadb=new,jbews-1/httpd=n |pd=new,jbews-3/pcre=new,dir
                   |ew,jbews-2/httpd=new,jbews- |ectory_server_8/pcre=new,fe
                   |3/pcre=new,directory_server |dora-all/pcre=affected,fedo
                   |_8/pcre=new,fedora-all/pcre |ra-all/mingw-pcre=affected,
                   |=affected,fedora-all/mingw- |fedora-all/glib2=affected,f
                   |pcre=affected,fedora-all/gl |edora-all/mingw-glib2=affec
                   |ib2=affected,fedora-all/min |ted,epel-7/mingw-pcre=affec
                   |gw-glib2=affected,epel-7/mi |ted,epel-7/mingw-glib2=affe
                   |ngw-pcre=affected,epel-7/mi |cted
                   |ngw-glib2=affected          |
           Severity|medium                      |unspecified
        Last Closed|                            |2016-03-17 10:06:19



--- Comment #9 from Tomas Hoger <tho...@redhat.com> ---
This is similar to bug 1285413 comment 7 and not relevant / security for the
same reasons - pcretest is an application used for testing the pcre library. 
It offers ways to use the library in ways that are incorrect with respect to
the documented API.

Additionally, as this flaw is in the pcretest application, components that
embed the pcre library while not using pcretest (e.g. glib2 mentioned above)
could not have been affected.

Upstream version 8.13 is the first where infinite loop is triggered, valgrind
reports "Conditional jump or move depends on uninitialised value(s)" error in
earlier versions.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
mingw mailing list
mingw@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/mingw@lists.fedoraproject.org

Reply via email to