Bug 1232053 - CVE-2015-3210 Multiple Buffer overflows
Summary: CVE-2015-3210 Multiple Buffer overflows
Keywords:
Status: CLOSED DUPLICATE of bug 1226918
Alias: None
Product: Fedora
Classification: Fedora
Component: pcre
Version: 22
Hardware: All
OS: All
unspecified
high
Target Milestone: ---
Assignee: Petr Pisar
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-06-16 00:24 UTC by Sven Heyll
Modified: 2015-06-16 07:10 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-06-16 07:10:08 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Sven Heyll 2015-06-16 00:24:16 UTC
Description of problem:
Multiple buffer overflows leading to arbitrary code execution;
see https://bugs.exim.org/show_bug.cgi?id=1636

Version-Release number of selected component (if applicable):
pcre version 8.33 - 8.37

How reproducible:
Always

Steps to Reproduce:
1. Start 'pcretest' from pcre-tools
2. Run this regex: /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/
   in the 're>' prompt

Actual results:
*** Error in `pcretest': free(): invalid next size (normal): 0x0000000001e8aa40 ***
*** Error in `pcretest': malloc(): memory corruption: 0x0000000001e8aae0 ***


Expected results:
 data>

Comment 1 Petr Pisar 2015-06-16 07:10:08 UTC
Security bugs are handled by security team. This one happens when compiling the expression and as such it probably will not be handled as a security bug. See bug 1226918.

*** This bug has been marked as a duplicate of bug 1226918 ***


Note You need to log in before you can comment on or make changes to this bug.