1433985 – (CVE-2016-10253) CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions

Bug 1433985 (CVE-2016-10253) - CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions

Summary: CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2016-10253
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1433989 1433986 1433988 1467165
Blocks:	1433990
TreeView+	depends on / blocked

Reported:	2017-03-20 13:51 UTC by Andrej Nemec
Modified:	2019-09-29 14:08 UTC (History)
CC List:	22 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-08 03:09:15 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2017-03-20 13:51:35 UTC

An issue was discovered in Erlang/OTP Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to. 

References:

https://github.com/erlang/otp/pull/1108

Comment 1 Andrej Nemec 2017-03-20 13:55:58 UTC

Created erlang tracking bugs for this issue:

Affects: fedora-all [bug 1433986]
Affects: epel-6 [bug 1433988]
Affects: epel-7 [bug 1433989]

Note You need to log in before you can comment on or make changes to this bug.

apevec
ayoung
chrisw
cvsbot-xmlrpc
erlang
gmollett
jeckersb
jjoyce
jschluet
kbasil
lemenkov
lhh
lpeer
markmc
plemenko
rbryant
rhbugs
rjones
sclewis
sisharma
s
tdecacqu