ZDI reported a stack-based buffer overflow in pcre and pcre2. ZDI-CAN-3542 id is used to identify the issue. https://bugs.exim.org/show_bug.cgi?id=1791 PCRE does not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow. Fixed upstream in pcre and pcre2 via the following commits: http://vcs.pcre.org/pcre?view=revision&revision=1631 http://vcs.pcre.org/pcre2?view=revision&revision=489 Issue is triggered by the following pattern: /([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ PCRE 8.00 seems to be the first affected version.
The above fix was already applied to Fedora pcre and pcre2 packages.
CVE assigned by Mitre today, via CVENEW.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1025 https://rhn.redhat.com/errata/RHSA-2016-1025.html
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Via RHSA-2016:1132 https://access.redhat.com/errata/RHSA-2016:1132