Bug 383361 (CVE-2005-4872)
Summary: | CVE-2005-4872 pcre incorrect memory requirement computation | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-01-11 17:37:28 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 411731, 413871, 414271 | ||
Bug Blocks: | 373021 |
Description
Josh Bressers
2007-11-14 20:52:04 UTC
Reference in PCRE changelog for version 6.2: 5. Named capturing subpatterns were not being correctly counted when a pattern was compiled. This caused two problems: (a) If there were more than 100 such subpatterns, the calculation of the memory needed for the whole compiled pattern went wrong, leading to an overflow error. (b) Numerical back references of the form \12, where the number was greater than 9, were not recognized as back references, even though there were sufficient previous subpatterns. This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-1052.html |