[Secure-testing-team] Bug#806467: pcre3: Heap overflow / invalid write in fuction pcre_exec
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 27 18:25:34 UTC 2015
Source: pcre3
Version: 2:8.35-8
Severity: normal
Tags: security upstream patch fixed-upstream
Forwarded: https://bugs.exim.org/show_bug.cgi?id=1637
Hi
(This is to have a BTS reference for this bug, since no CVE id was
assigned so far; I know there is work on pcre2 now).
Hanno Böck reported a heap overflow in the pcre_exec function, cf.
https://bugs.exim.org/show_bug.cgi?id=1637
Fixed by commit http://vcs.pcre.org/pcre?view=revision&revision=1565
(8.38).
https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html
Regards,
Salvatore
More information about the Secure-testing-team
mailing list