Bug 384761 - (CVE-2006-7225) CVE-2006-7225 pcre miscalculation of memory requirements for malformed Posix character class
CVE-2006-7225 pcre miscalculation of memory requirements for malformed Posix ...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
http://www.pcre.org/changelog.txt
impact=important,source=secalert,repo...
: Security
Depends On: 380511 380521 380531 380541 411731 413871 414271
Blocks: 380501
  Show dependency treegraph
 
Reported: 2007-11-15 10:14 EST by Tomas Hoger
Modified: 2010-09-24 07:31 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-11 12:26:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch agains pcre 6.4 provided by Ludwig Nussel of SUSE (1.07 KB, patch)
2007-11-15 10:16 EST, Tomas Hoger
no flags Details | Diff

  None (edit)
Description Tomas Hoger 2007-11-15 10:14:54 EST
From pcre changelog, version 6.7:

18. A valid (though odd) pattern that looked like a POSIX character
    class but used an invalid character after [ (for example [[,abc,]]) caused
    pcre_compile() to give the error "Failed: internal error: code overflow" or
    in some cases to crash with a glibc free() error. This could even happen if
    the pattern terminated after [[ but there just happened to be a sequence of
    letters, a binary zero, and a closing ] in the memory that followed.

Acknowledgements:

Red Hat would like to thank Ludwig Nussel for reporting this issue.
Comment 1 Tomas Hoger 2007-11-15 10:16:21 EST
Created attachment 259901 [details]
Patch agains pcre 6.4 provided by Ludwig Nussel of SUSE
Comment 4 Mark J. Cox (Product Security) 2007-11-28 05:06:55 EST
Now public via SUSE advisory, removing embargo
Comment 9 Red Hat Product Security 2008-01-11 12:26:32 EST
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-1059.html
  http://rhn.redhat.com/errata/RHSA-2007-1068.html

Note You need to log in before you can comment on or make changes to this bug.