Bug 384781 - (CVE-2006-7226) CVE-2006-7226 pcre miscalculation of memory requirements for repeated subpattern containing a named recursion or subroutine reference
CVE-2006-7226 pcre miscalculation of memory requirements for repeated subpatt...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
http://www.pcre.org/changelog.txt
impact=important,source=secalert,repo...
: Security
Depends On: 380511 380521 380531 380541 411731 413871 414271
Blocks: 380501
  Show dependency treegraph
 
Reported: 2007-11-15 10:20 EST by Tomas Hoger
Modified: 2010-09-24 07:41 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-11 12:26:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Patch agains pcre 6.4 provided by Ludwig Nussel of SUSE (1.38 KB, patch)
2007-11-15 10:20 EST, Tomas Hoger
no flags Details | Diff

  None (edit)
Description Tomas Hoger 2007-11-15 10:20:36 EST
From pcre changelog, version 6.7:

26. If a subpattern containing a named recursion or subroutine reference such
    as (?P>B) was quantified, for example (xxx(?P>B)){3}, the calculation of
    the space required for the compiled pattern went wrong and gave too small a
    value. Depending on the environment, this could lead to "Failed: internal
    error: code overflow at offset 49" or "glibc detected double free or
    corruption" errors.

Acknowledgements:

Red Hat would like to thank Ludwig Nussel for reporting this issue.
Comment 1 Tomas Hoger 2007-11-15 10:20:36 EST
Created attachment 259921 [details]
Patch agains pcre 6.4 provided by Ludwig Nussel of SUSE
Comment 4 Mark J. Cox (Product Security) 2007-11-28 05:07:21 EST
Now public via SUSE advisory, removing embargo
Comment 9 Red Hat Product Security 2008-01-11 12:26:53 EST
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-1059.html
  http://rhn.redhat.com/errata/RHSA-2007-1068.html

Note You need to log in before you can comment on or make changes to this bug.