Stack Corruption in PCRE 8.35

Bug #1549609 reported by Craig Young
Affects: pcre3 (Ubuntu)
Status: Fix Released
Importance: Low
Assigned to: Unassigned
Milestone: (empty)

Bug Description

Various security issues have been fixed in PCRE since 8.35. Here is an example of using a malicious pattern within the Ubuntu PHP5 package that leads to stack corruption:

php5 -r 'preg_match("/(?(1)(()(?1)1)+)/","abcdef", $matches, PREG_OFFSET_CAPTURE);'

Loading ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz with the upgrade-pcre.php script resolves this issue.

Tyler Hicks (tyhicks) wrote :

Thanks for the bug report, Craig. We are aware of the issues fixed in 8.38 but we've prioritized them as 'low' since the issues require software that passes untrusted regexes to PCRE. We don't feel like this is common usage of PCRE.

We track these issues in the Ubuntu CVE Tracker:

  http://people.canonical.com/~ubuntu-security/cve/pkg/pcre3.html

information type: Private Security → Public Security
affects: php5 (Ubuntu) → pcre3 (Ubuntu)
Tyler Hicks (tyhicks)
Changed in pcre3 (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Marc Deslauriers (mdeslaur) wrote :

These should now be fixed by the following update:

http://www.ubuntu.com/usn/usn-2943-1/

Changed in pcre3 (Ubuntu):
status: Triaged → Fix Released