
Vigil@nce - PCRE: buffer overflow

May 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An attacker who can change a PCRE regular expression can
trigger an overflow in an application using the PCRE library,
leading to a denial of service and possibly to code execution.

Severity: 2/4

Creation date: 06/05/2010

DESCRIPTION OF THE VULNERABILITY

The PCRE library implements Perl-compatible regular expressions
(which differ from POSIX regular expressions).

The pcre_compile.c file checks whether the regular expression is
too long and, if so, returns an error. However, this check is done
after the overflow has already occurred, so it is ineffective.

An attacker who can change a PCRE regular expression can
therefore trigger an overflow in an application using the PCRE
library, leading to a denial of service and possibly to code
execution.
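
The ordering problem described above, as an added illustration that is not PCRE's code and not part of the original bulletin: a size check placed after the write still returns an error, but the bytes have already landed past the limit. All names (`struct ws`, `emit_check_after`, `emit_check_before`, `run`) and sizes are hypothetical, and the buffer carries a guard region so the stray write can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WORKSPACE 16  /* logical size limit of the workspace (constructed value) */
#define GUARD     64  /* slack so the demo can observe stray writes without UB */

struct ws { unsigned char buf[WORKSPACE + GUARD]; size_t used; };

/* Flawed ordering: copy the item first, test the limit afterwards. */
static int emit_check_after(struct ws *w, const unsigned char *item, size_t n)
{
    memcpy(w->buf + w->used, item, n);        /* write happens first */
    w->used += n;
    return (w->used > WORKSPACE) ? -1 : 0;    /* error is reported too late */
}

/* Corrected ordering: test the remaining space, then write. */
static int emit_check_before(struct ws *w, const unsigned char *item, size_t n)
{
    if (n > WORKSPACE - w->used) return -1;   /* used <= WORKSPACE always holds here */
    memcpy(w->buf + w->used, item, n);
    w->used += n;
    return 0;
}

/* Feed the same over-long input to an emitter; return bytes written past the limit. */
static size_t run(int (*emit)(struct ws *, const unsigned char *, size_t), int *rc)
{
    struct ws w;
    const unsigned char item[6] = { 'A', 'A', 'A', 'A', 'A', 'A' };  /* constructed input */
    size_t i, stray = 0;
    memset(&w, 0, sizeof w);
    *rc = 0;
    for (i = 0; i < 4 && *rc == 0; i++) *rc = emit(&w, item, sizeof item);
    for (i = WORKSPACE; i < sizeof w.buf; i++) if (w.buf[i] != 0) stray++;
    return stray;
}

int main(void)
{
    int rc;
    size_t s;
    s = run(emit_check_after, &rc);  printf("check after:  rc=%d stray=%zu\n", rc, s);
    s = run(emit_check_before, &rc); printf("check before: rc=%d stray=%zu\n", rc, s);
    return 0;
}
```

Both variants reject the input with the same error code; only the stray-byte count shows that the late check did not protect the memory beyond the limit.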

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/PCRE-buffer-overflow-9631

