[Bug 1549609] [NEW] Stack Corruption in PCRE 8.35
Launchpad Bug Tracker
1549609 at bugs.launchpad.net
Fri Feb 26 17:08:52 UTC 2016
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
Various security issues have been fixed in PCRE since 8.35. Here is an
example of using a malicious pattern within the Ubuntu PHP5 package that
leads to stack corruption:
php5 -r 'preg_match("/(?(1)(()(?1)1)+)/","abcdef", $matches,
PREG_OFFSET_CAPTURE);'
Loading
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
with the upgrade-pcre.php script resolves this issue.
** Affects: pcre3 (Ubuntu)
Importance: Undecided
Status: New
--
Stack Corruption in PCRE 8.35
https://bugs.launchpad.net/bugs/1549609
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to pcre3 in Ubuntu.
More information about the foundations-bugs
mailing list