Vigil@nce - PCRE: buffer overflow
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the attacker can change a PCRE regular expression, he can
generate an overflow in an application using the PCRE library,
leading to a denial of service and possibly to code execution.
Severity: 2/4
Creation date: 06/05/2010
DESCRIPTION OF THE VULNERABILITY
The PCRE library implements Perl-compatible regular expressions
(which differ from POSIX ones).
The pcre_compile.c file checks whether the regular expression is
too long, and returns an error if it is. However, this check is
performed after the overflow has already occurred, so it is
ineffective.
When the attacker can change a PCRE regular expression, he can
therefore generate an overflow in an application using the PCRE
library, leading to a denial of service and possibly to code
execution.
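The ordering flaw described above, as a simplified C model added here for illustration; it is not PCRE's code and not part of the bulletin. The workspace size, guard area and all function names are constructed for the example, and the guard bytes exist only so the overrun can be measured without corrupting memory.

```c
#include <stdio.h>
#include <string.h>

#define WORKSPACE 16   /* logical size of the compile workspace (constructed value) */
#define GUARD     64   /* extra backing bytes so the demo can observe the overrun safely */

struct ws {
    unsigned char buf[WORKSPACE + GUARD];
    size_t used;        /* bytes emitted so far */
    size_t high_water;  /* furthest offset ever written */
};
typedef int (*emit_fn)(struct ws *, const unsigned char *, size_t);

/* Flawed ordering: emit first, test the limit afterwards. */
int emit_check_after(struct ws *w, const unsigned char *item, size_t n)
{
    if (n > GUARD || w->used > WORKSPACE) return -2;  /* demo safety only */
    memcpy(w->buf + w->used, item, n);                /* write happens unconditionally */
    w->used += n;
    if (w->used > w->high_water) w->high_water = w->used;
    return w->used > WORKSPACE ? -1 : 0;              /* "too long" reported, too late */
}

/* Corrected ordering: reject before touching memory; subtraction form avoids wraparound. */
int emit_check_before(struct ws *w, const unsigned char *item, size_t n)
{
    if (w->used > WORKSPACE || n > WORKSPACE - w->used) return -1;
    memcpy(w->buf + w->used, item, n);
    w->used += n;
    if (w->used > w->high_water) w->high_water = w->used;
    return 0;
}

/* Feeds `count` items of `n` bytes each; returns bytes written past WORKSPACE. */
size_t overrun_bytes(emit_fn emit, size_t count, size_t n, int *status)
{
    static const unsigned char item[GUARD];           /* constructed input, all zero */
    struct ws w;
    memset(&w, 0, sizeof w);
    *status = 0;
    for (size_t i = 0; i < count && *status == 0; i++)
        *status = emit(&w, item, n);
    return w.high_water > WORKSPACE ? w.high_water - WORKSPACE : 0;
}

int main(void)
{
    int a, b;
    size_t late = overrun_bytes(emit_check_after, 3, 6, &a);
    size_t early = overrun_bytes(emit_check_before, 3, 6, &b);
    printf("check after:  status=%d overrun=%zu\n", a, late);
    printf("check before: status=%d overrun=%zu\n", b, early);
    return 0;
}
```

Both variants return an error for the oversized input, which is why the late check looks correct in testing; only the high-water mark shows that memory past the workspace was already written.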