FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pcre -- heap overflow vulnerability

Affected packages
pcre < 8.37_4

Details

VuXML ID 6900e6f1-4a79-11e5-9ad8-14dae9d210b8
Discovery 2015-08-21
Entry 2015-08-24

Guanxing Wen reports:

PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex(). The Heap Overflow vulnerability is caused by the following regular expression.

/(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/

A dry run of this particular regular expression with pcretest will reports "double free or corruption (!prev)". But it is actually a heap overflow problem. The overflow only affects pcre 8.x branch, pcre2 branch is not affected.

References

URL http://seclists.org/oss-sec/2015/q3/295
URL https://bugs.exim.org/show_bug.cgi?id=1672