http://bugs.exim.org/show_bug.cgi?id=1503

Summary: PCRE Library Stack Overflow Vulnerability
Product: PCRE
Version: 8.35
Platform: All
OS/Version: All
Status: NEW
Severity: security
Priority: medium
Component: Code
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]

Created an attachment (id=739)
 --> (http://bugs.exim.org/attachment.cgi?id=739)
The regular expression that could reproduce the stack overflow.

PCRE Library Stack Overflow Vulnerability

------------------------------------------------------------------
I. Summary

PCRE library is prone to a vulnerability which leads to Stack Overflow. Without enough bound checking inside compile_regex(), the stack memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application.

------------------------------------------------------------------
II. Description

PCRE is a regular expression C library inspired by the regular expression capabilities in the Perl programming language. The PCRE library is incorporated into a number of prominent programs, such as the Adobe Flash, Apache HTTP Server, Nginx HTTP server, PHP and R scripting languages.

Latest version of PCRE is prone to a Stack Overflow vulnerability which could be caused by the following regular expression.

    /(((a\2)|(a*)\g<-1>))*a?/

To reproduce the problem, we could use pcretest provided by PCRE library or applications which are wrapped with PCRE such as PHP.

For pcretest, simply type the regular expression after the re>

For PHP, latest version of PHP 5.5/5.6 (wrapped with PCRE 8.35) could be triggered by following code snippet.

    <?php
    preg_match("/(((a\\2)|(a*)\\g<-1>))*a?/","abcd",$arr);
    ?>

Carefully crafted regular expression may allow the attacker to control the EIP and other stack variables, resulting in code execution.

Latest version of PCRE is tested under Windows and Linux. Other versions and applications may also be affected.

------------------------------------------------------------------
III. Impact

Stack Overflow

------------------------------------------------------------------
IV. Affected

Latest version of PCRE library (8.35). Other versions and applications may also be affected.

------------------------------------------------------------------
V. Solution

There is no known workaround at this time.

------------------------------------------------------------------
VI. Credit

Wen Guanxing from Venustech ADLAB is credited for this vulnerability.
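A regression check for a local PCRE build, using the pattern and subject quoted in the report. This is an added example, not part of the original report or of PCRE; it assumes a POSIX system with `pcretest` on PATH, and the function name `probe_pcretest` is hypothetical.

```python
import signal
import subprocess

# Pattern and subject string quoted verbatim from the report above.
REPORT_PATTERN = r"/(((a\2)|(a*)\g<-1>))*a?/"
REPORT_SUBJECT = "abcd"


def probe_pcretest(pattern=REPORT_PATTERN, subject=REPORT_SUBJECT,
                   cmd=("pcretest", "-q"), timeout=10):
    """Feed one pattern line and one subject line to pcretest in a child.

    Running it as a separate process means a crash in the library is
    observed here as a signal exit, not as a crash of this script.
    Returns (verdict, detail); verdict is one of
    "crashed", "ok", "error", "timeout", "unavailable".
    """
    stdin_text = f"{pattern}\n{subject}\n"
    try:
        proc = subprocess.run(list(cmd), input=stdin_text, text=True,
                              capture_output=True, timeout=timeout)
    except FileNotFoundError:
        return "unavailable", f"{cmd[0]} not found"
    except subprocess.TimeoutExpired:
        return "timeout", f"no exit within {timeout}s"
    if proc.returncode < 0:
        # POSIX: a negative return code means the child died from a signal
        # (SIGSEGV for a plain stack overflow, SIGABRT under a stack protector).
        signum = -proc.returncode
        try:
            return "crashed", signal.Signals(signum).name
        except ValueError:
            return "crashed", f"signal {signum}"
    if proc.returncode != 0:
        return "error", f"exit status {proc.returncode}"
    return "ok", proc.stdout.strip()


if __name__ == "__main__":
    verdict, detail = probe_pcretest()
    print(f"{verdict}: {detail}")
```

A "crashed" verdict means the build under test still terminates abnormally on the reported pattern; "ok" after an upgrade or patch is the result to record.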
