It was reported that pcre_exec in the PHP pcre extension partially initializes a buffer when an invalid regex is processed, which can lead to information disclosure.

A mitigation fix has been applied in PHP 5.4+:
http://git.php.net/?p=php-src.git;a=commitdiff;h=c351b47ce85a3a147cfa801fa9f0149ab4160834

Upstream bug report (with a patch proposal):
http://bugs.exim.org/show_bug.cgi?id=1537
The upstream PCRE bug contains a detailed description of the issue along with a possible way to reproduce this:
https://bugs.exim.org/show_bug.cgi?id=1537

From the analysis it seems that the maximum impact of this flaw is memory disclosure, which could be an issue especially when pcre is used in web browsers or other similar products, especially when the disclosed memory is recoverable by the attackers.

This patch has been committed upstream via:
http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510
And is a part of upstream release pcre-8.37.

CVE Request:
http://openwall.com/lists/oss-security/2015/08/04/2
Note: This flaw is related to bad regex code and does not require malicious user-input to trigger.
Created mingw-pcre tracking bugs for this issue: Affects: fedora-all [bug 1249905]
Created pcre tracking bugs for this issue: Affects: fedora-21 [bug 1249906]