Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1425365 - (CVE-2017-6004) CVE-2017-6004 pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)
CVE-2017-6004 pcre: Out-of-bounds read in compile_bracket_matchingpath functi...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20170214,repor...
: Security
Depends On: 1425391 1425392 1425393 1425396 1425394 1425395
Blocks: 1425368 1439436
  Show dependency treegraph
 
Reported: 2017-02-21 04:39 EST by Adam Mariš
Modified: 2018-08-16 12:08 EDT (History)
37 users (show)

See Also:
Fixed In Version: pcre 8.41
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2486 None None None 2018-08-16 12:08 EDT

  None (edit)
Description Adam Mariš 2017-02-21 04:39:48 EST 
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.

Upstream patch:

https://vcs.pcre.org/pcre?view=revision&revision=1680

Upstream bug:

https://bugs.exim.org/show_bug.cgi?id=2035
Comment 1 Adam Mariš 2017-02-21 05:28:57 EST 
Created glib2 tracking bugs for this issue:

Affects: fedora-all [bug 1425394]


Created mingw-glib2 tracking bugs for this issue:

Affects: epel-7 [bug 1425392]
Affects: fedora-all [bug 1425396]


Created mingw-pcre tracking bugs for this issue:

Affects: epel-7 [bug 1425393]
Affects: fedora-all [bug 1425391]


Created pcre tracking bugs for this issue:

Affects: fedora-all [bug 1425395]
Comment 2 Richard W.M. Jones 2017-02-21 06:29:14 EST 
virt-p2v (an ISO that we ship in RHEL 7) contains an embedded
copy of pcre.

However it does NOT call pcre_jit_compile explicitly.  Do you know
if this function can be called implicitly (eg from pcre_compile,
which virt-p2v does call)?
Comment 3 Petr Pisar 2017-02-21 08:58:13 EST 
PCRE does not use JIT by default. An application must request JIT explicitly by calling pcre_study() (pcre16_study() or pcre32_study()) with some of PCRE_STUDY_JIT_* values in the second parameter.
Comment 4 Fedora Update System 2017-02-22 12:52:06 EST 
pcre-8.40-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Stefan Cornelius 2017-08-25 08:58:23 EDT 
This issue affects the versions of rh-php70-php as shipped with Red Hat Software Collections 2.4 for Red Hat Enterprise Linux 6. This issue does not affect the versions of rh-php70-php as shipped with Red Hat Software Collections 2.4 for Red Hat Enterprise Linux 7.
Comment 12 errata-xmlrpc 2018-08-16 12:08:16 EDT 
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:2486
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.