It was found that PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, causing infinite recursion in the JIT compiler and allowing remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression.
Created pcre tracking bugs for this issue: Affects: fedora-all [bug 1287660]
Created glib2 tracking bugs for this issue: Affects: fedora-all [bug 1287662]
Created mingw-pcre tracking bugs for this issue: Affects: fedora-all [bug 1287661] Affects: epel-7 [bug 1287663]
Corresponds to item 21 in http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
Fixed in upstream with: commit 32c5e4cd1777e53d0da4e5e7bbd227725d12fc14 Author: zherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15> Date: Mon Jul 20 07:53:12 2015 +0000 Fix infinite recursion in the JIT compiler when certain patterns when certai n patterns are analysed. git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1577 2f5784b3-3f2a-0410-8824- cb99058d5e15
Reproducer is to pass /(?:|a|){100}x/S++ expression to pcretest.
pcre-8.38-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
(In reply to Petr Pisar from comment #5) > commit 32c5e4cd1777e53d0da4e5e7bbd227725d12fc14 > Author: zherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15> > Date: Mon Jul 20 07:53:12 2015 +0000 > > Fix infinite recursion in the JIT compiler when certain patterns when > certain patterns are analysed. Upstream commit link: http://vcs.pcre.org/pcre?view=revision&revision=1577 This problem was introduced in version 8.35. While PHP and MariaDB versions embed recent PCRE versions, they do not enable JIT and hence are not affected.