Stack Corruption in PCRE 8.35
Bug #1549609 reported by
Craig Young
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pcre3 (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
Various security issues have been fixed in PCRE since 8.35. Here is an example of using a malicious pattern within the Ubuntu PHP5 package that leads to stack corruption:
php5 -r 'preg_match(
Loading ftp://ftp.
Changed in pcre3 (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Low |
To post a comment you must log in.
Thanks for the bug report, Craig. We are aware of the issues fixed in 8.38 but we've prioritized them as 'low' since the issues require software that passes untrusted regexes to PCRE. We don't feel like this is common usage of PCRE.
We track these issues in the Ubuntu CVE Tracker:
http:// people. canonical. com/~ubuntu- security/ cve/pkg/ pcre3.html