Stack Corruption in PCRE 8.35

Bug #1549609 reported by Craig Young on 2016-02-25
Affects: pcre3 (Ubuntu)
Importance: Low
Assigned to: Unassigned

Bug Description

Various security issues have been fixed in PCRE since 8.35. Here is an example of using a malicious pattern within the Ubuntu PHP5 package that leads to stack corruption:

php5 -r 'preg_match("/(?(1)(()(?1)1)+)/","abcdef", $matches, PREG_OFFSET_CAPTURE);'

Loading ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz with the upgrade-pcre.php script resolves this issue.

Tyler Hicks (tyhicks) wrote :

Thanks for the bug report, Craig. We are aware of the issues fixed in 8.38 but we've prioritized them as 'low' since the issues require software that passes untrusted regexes to PCRE. We don't feel like this is common usage of PCRE.

We track these issues in the Ubuntu CVE Tracker:

  http://people.canonical.com/~ubuntu-security/cve/pkg/pcre3.html

information type: Private Security → Public Security
affects: php5 (Ubuntu) → pcre3 (Ubuntu)
Tyler Hicks (tyhicks) on 2016-02-26
Changed in pcre3 (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Marc Deslauriers (mdeslaur) wrote :

These should now be fixed by the following update:

http://www.ubuntu.com/usn/usn-2943-1/

Changed in pcre3 (Ubuntu):
status: Triaged → Fix Released
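
The triage reasoning in this thread turns on whether software passes untrusted regexes to PCRE. The added example below (not part of the original report or of any Ubuntu or PCRE code) is a heuristic audit that lists PHP preg_* calls whose pattern argument is not a constant string literal. The function names and the sample source are assumptions made for illustration, and the scan does not understand PHP comments or heredocs.

```python
import re

# PHP functions whose first argument is a PCRE pattern.
PREG_CALL = re.compile(r"\b(preg_(?:match_all|match|replace_callback|replace|split|grep|filter))\s*\(")

def first_argument(src, start):
    """Return the text of the first call argument, which begins at src[start]."""
    depth, quote, i = 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif depth == 0 and ch in ",)]":
            break                           # end of the first argument
        elif ch in ")]":
            depth -= 1
        i += 1
    return src[start:i].strip()

def is_constant_pattern(arg):
    """True for one string literal; a '$' in double quotes counts as interpolation."""
    return bool(re.fullmatch(r"'(?:[^'\\]|\\.)*'", arg, re.S)
                or re.fullmatch(r'"(?:[^"\\$]|\\.)*"', arg, re.S))

def find_dynamic_patterns(php_source):
    """List (line, function, argument) for calls whose pattern is not constant."""
    findings = []
    for m in PREG_CALL.finditer(php_source):
        arg = first_argument(php_source, m.end())
        if not is_constant_pattern(arg):
            findings.append((php_source.count("\n", 0, m.start()) + 1, m.group(1), arg))
    return findings

# Constructed sample input, not taken from any real code base.
SAMPLE = r"""<?php
preg_match("/(\d+)-(\d+)/", $input, $m);
preg_match($_GET["re"], $subject);
preg_replace('/' . $userFilter . '/i', '', $text);
preg_match_all("/$needle/", $haystack, $hits);
"""

for finding in find_dynamic_patterns(SAMPLE):
    print("line %d: %s() pattern is built at run time: %s" % finding)
```

Each finding still needs manual review to decide whether the value reaching the pattern is attacker-controlled; a double-quoted literal ending in a `$` anchor is reported as a false positive by design.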