Bug 384801 - (CVE-2006-7230) CVE-2006-7230 pcre miscalculation of memory requirements if options are changed during pattern compilation
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All
OS: Linux
Priority: high
Severity: high
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 380511 380521 380531 380541 411731 413871 414271
Reported: 2007-11-15 10:32 EST by Tomas Hoger
Modified: 2010-09-24 10:42 EDT
Doc Type: Bug Fix
Last Closed: 2008-01-11 12:34:02 EST

Description Tomas Hoger 2007-11-15 10:32:21 EST
From pcre changelog, version 7.0:

4. Fixed a major bug that caused incorrect computation of the amount of memory
    required for a compiled pattern when options that changed within the
    pattern affected the logic of the preliminary scan that determines the
    length. The relevant options are -x, and -i in UTF-8 mode. The result was
    that the computed length was too small. The symptoms of this bug were
    either the PCRE error "internal error: code overflow" from pcre_compile(),
    or a glibc crash with a message such as "pcretest: free(): invalid next
    size (fast)". Examples of patterns that provoked this bug (shown in
    pcretest format) are:

      /(?-x: )/x
      /(?x)(?-x: \s*#\s*)/

    HOWEVER: Change 17 below makes this fix obsolete as the memory computation
    is now done differently.


Red Hat would like to thank Ludwig Nussel for reporting this issue.
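
The failure mode the changelog entry describes, a sizing pass and an emit pass that disagree once an option changes inside the pattern, sketched as an added example (a toy model, not PCRE's code and not part of the bug report). The `(?x)`/`(?-x)` toggle syntax and the names `toy_scan` and `toy_compile` are assumptions made for illustration; the emit pass checks its bound, so the mismatch surfaces as an error instead of a write past the buffer.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Toy model (assumed syntax): "(?x)" / "(?-x)" switch extended mode on/off.
 * In extended mode whitespace is ignored; any other char compiles to 1 byte. */

/* out == NULL: sizing pass. out != NULL: emit pass, bounded by cap.
 * track_opts == 0 models a sizing pass that ignores in-pattern option
 * changes. Returns bytes needed/written, or -1 if emitting would overrun. */
long toy_scan(const char *p, int extended, int track_opts,
              unsigned char *out, size_t cap)
{
    size_t n = 0;
    while (*p) {
        if (strncmp(p, "(?x)", 4) == 0) {
            if (track_opts) extended = 1;
            p += 4;
        } else if (strncmp(p, "(?-x)", 5) == 0) {
            if (track_opts) extended = 0;
            p += 5;
        } else if (extended && isspace((unsigned char)*p)) {
            p++;                            /* skipped in extended mode */
        } else {
            if (out) {
                if (n >= cap) return -1;    /* never write past the buffer */
                out[n] = (unsigned char)*p;
            }
            n++;
            p++;
        }
    }
    return (long)n;
}

/* Two-pass compile: size, then emit into exactly that much space. */
long toy_compile(const char *pat, int extended, int sizing_tracks_opts)
{
    unsigned char buf[64];                  /* demo arena */
    long need = toy_scan(pat, extended, sizing_tracks_opts, NULL, 0);
    if (need < 0 || (size_t)need > sizeof buf) return -1;
    return toy_scan(pat, extended, 1, buf, (size_t)need);
}

int main(void)
{
    const char *pat = "(?-x) a b";          /* constructed sample input */
    printf("stale sizing: %ld\n", toy_compile(pat, 1, 0));
    printf("tracked sizing: %ld\n", toy_compile(pat, 1, 1));
    return 0;
}
```
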
Comment 5 Mark J. Cox 2007-11-28 05:08:59 EST
Now public via SUSE advisory, removing embargo
Comment 10 Red Hat Product Security 2008-01-11 12:34:02 EST
This issue was addressed in:

Red Hat Enterprise Linux:
