https://bugs.exim.org/show_bug.cgi?id=2053
Bug ID: 2053 Summary: another invalid memory read in match (pcre_exec.c) Product: PCRE Version: 8.40 Hardware: x86-64 OS: Linux Status: NEW Severity: bug Priority: medium Component: Code Assignee: p...@hermes.cam.ac.uk Reporter: a...@gentoo.org CC: pcre-dev@exim.org Hello, I found an invalid memory read through fuzzing. It was tested on version 8.40, compiled with clang-3.9.1 Since pcre_exec.c is part of the library, you can consider it a security bug and change the severity Output, included stacktrace in attachment. Command to reproduce: # pcretest -32 -d $FILE Reproducer: https://github.com/asarubbo/poc/blob/master/00205-pcre-invalidread2-pcre_exec ( I know that is preferable attach reproducer here, but this link won't expire in the future ) -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/pcre-dev