Bug 1320995 (CVE-2014-9769) - CVE-2014-9769 pcre: incorrect nested table jumps when JIT is used (8.36/6)
Summary: CVE-2014-9769 pcre: incorrect nested table jumps when JIT is used (8.36/6)
Alias: CVE-2014-9769
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1320996 1320997 1320998 1320999 1321000 1321001 1321002
Blocks: 1285420 1321003
TreeView+ depends on / blocked
Reported: 2016-03-24 12:54 UTC by Adam Mariš
Modified: 2019-09-29 13:46 UTC (History)
41 users (show)

Fixed In Version: pcre 8.36
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2016-04-01 12:05:44 UTC

Attachments (Terms of Use)

Description Adam Mariš 2016-03-24 12:54:49 UTC
It was reported that segmentation fault in surricata appeared when certain regex is processed by pcre_exec in libpcre3.

Bug report:


Comment 1 Adam Mariš 2016-03-24 12:56:31 UTC
Created pcre tracking bugs for this issue:

Affects: fedora-all [bug 1320996]

Comment 2 Adam Mariš 2016-03-24 12:56:49 UTC
Created suricata tracking bugs for this issue:

Affects: fedora-all [bug 1321002]

Comment 3 Adam Mariš 2016-03-24 12:57:02 UTC
Created glib2 tracking bugs for this issue:

Affects: fedora-all [bug 1320998]

Comment 4 Adam Mariš 2016-03-24 12:57:16 UTC
Created mingw-glib2 tracking bugs for this issue:

Affects: fedora-all [bug 1320999]
Affects: epel-7 [bug 1321001]

Comment 5 Adam Mariš 2016-03-24 12:57:31 UTC
Created mingw-pcre tracking bugs for this issue:

Affects: fedora-all [bug 1320997]
Affects: epel-7 [bug 1321000]

Comment 6 Petr Pisar 2016-03-24 14:04:43 UTC
Could you please provide reproducer? The debian bug report <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819050> is missing the "file" file content.

Moreover, the reporter claimed it happens with pcre-8.35 but not with 8.38. We have 8.38 in all supported Fedoras.

Comment 7 Andrej Nemec 2016-03-29 07:48:20 UTC
CVE assignment:


Comment 8 Petr Pisar 2016-03-29 08:04:16 UTC
This was fixes with upstream commit:

commit 60f995fc2f823183783633d5eb8af2eceb0bb663
Author: zherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date:   Fri Apr 25 11:59:19 2014 +0000

    Fixed an issue with nested table jumps.
    git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1475 2f5784b3-3f2a-0410-8824-cb99058d5e15

and fixed in subsequent pcre-8.36 release.

Reproducer from the commit:

$ printf '%s\n%s\n' '/(?:x|(?:(xx|yy)+|x|x|x|x|x)|a|a|a)bc/' 'acb' | ./pcretest -s++
PCRE version 8.35 2014-04-04

  re> Segmentation fault (core dumped)

Comment 9 Tomas Hoger 2016-04-01 12:05:44 UTC
The following post indicates that this issue was introduced in pcre version 8.35 via the following commit:


and corrected in 8.36 using the following commit (the same one as pointed out in comment 8 above):


Only upstream version 8.35 was affected by this issue.  Red Hat products do not currently contain any package that includes pcre version 8.35.

Note You need to log in before you can comment on or make changes to this bug.