Bug 431660 (CVE-2008-0674) - CVE-2008-0674 pcre: buffer overflow via large UTF-8 character class
Summary: CVE-2008-0674 pcre: buffer overflow via large UTF-8 character class
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2008-0674
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 431676 431677 431678 431679 431680
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-02-06 08:58 UTC by Tomas Hoger
Modified: 2019-09-29 12:23 UTC (History)
2 users (show)

Fixed In Version: 7.3-3.fc7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-03-06 16:37:07 UTC


Attachments (Terms of Use)
Probable patch (1.42 KB, patch)
2008-02-06 09:15 UTC, Tomas Hoger
no flags Details | Diff

Description Tomas Hoger 2008-02-06 08:58:26 UTC
PCRE 7.6 fixed following bug:

1.  A character class containing a very large number of characters with
    codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer
    overflow.

(http://pcre.org/changelog.txt)

Comment 2 Tomas Hoger 2008-02-06 09:15:21 UTC
Created attachment 294082 [details]
Probable patch

Diff between 7.5 and 7.6 stripped to what seems to be a patch for this issue.

Comment 6 Tomas Hoger 2008-02-06 14:27:52 UTC
This issue only affects PCRE versions 7.0 and newer.

PCRE versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4 and 5 are not
affected.

Comment 7 Fedora Update System 2008-02-13 05:02:04 UTC
glib2-2.14.6-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2008-02-15 16:26:42 UTC
pcre-7.3-3.fc8 has been submitted as an update for Fedora 8

Comment 9 Fedora Update System 2008-02-15 16:34:46 UTC
pcre-7.3-3.fc7 has been submitted as an update for Fedora 7

Comment 10 Fedora Update System 2008-02-19 03:14:43 UTC
pcre-7.3-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2008-02-19 03:20:29 UTC
pcre-7.3-3.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pcre'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F7/FEDORA-2008-1842

Comment 12 Fedora Update System 2008-03-06 16:36:36 UTC
pcre-7.3-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.