|
Message-ID: <tencent_00731D3252EC3A604F70E769@qq.com> Date: Tue, 11 Jul 2017 10:03:01 +0800 From: "ben" <qbenjin@...com> To: "oss-security" <oss-security@...ts.openwall.com> Cc: "huangyonggang" <huangyonggang@...60.cn> Subject: Re: [scr358145] pcre-8.41 - 8.41 > [Suggested description] > In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c > allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. > > ------------------------------------------ > > [Additional Information] > This vulns like CVE-2017-9729. > it is about line 2061 (from the https://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?revision=1683&view=markup page) of pcre_exec.c: > > RMATCH(eptr, prev, offset_top, md, eptrb, RM13); > > this recursive calls case Segmentation fault ,because of stack exhaustion. > > > The poc code like: > > if(regcomp (®tmp,"\x28\x61\x2A\x5C\x56\x2A\x5C\x43\x2B\x29\x2A\x6F\xE5\xA2\x80", REG_UTF8 )==0) > { > regmatch_t pmatch[1]; > regexec(®tmp, "\x6C\x6F\xE5\xA2\x80\x2D ",1, pmatch, 0); > regfree(®tmp); > } > with configure --enable-utf > > ------------------------------------------ > > [VulnerabilityType Other] > stack exhaustion > > ------------------------------------------ > > [Vendor of Product] > http://www.pcre.org/ > > ------------------------------------------ > > [Affected Product Code Base] > pcre-8.41 - 8.41 > > ------------------------------------------ > > [Affected Component] > pcre_exec.c > > ------------------------------------------ > > [Attack Type] > Remote > > ------------------------------------------ > > [Impact Denial of Service] > true > > ------------------------------------------ > > [Attack Vectors] > many methods! many program use pcre, like: php and nginx ,please see: https://en.wikipedia.org/wiki/Comparison_of_regular_expression_engines > > ------------------------------------------ > > [Reference] > https://en.wikipedia.org/wiki/Comparison_of_regular_expression_engines > http://www.pcre.org/ > > ------------------------------------------ > > [Discoverer] > Benjin Liu, codesafe of qihoo 360 ,http://codesafe.cn Use CVE-2017-11164. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZY7EfAAoJEHb/MwWLVhi2wBIP/jIMwxZB892scrm393PA4zM3 adhV1TQ2tkpG4ALp4zC0MhHFfVr11LuWlSxsgu/OGHBTPLYldbK+hhVOtaV7EqSB +vrvAKEepOJKLB71AR4XpixzedQnP0+SOAgYvnpVI3LW/Yb2j2yZhhTbzh6H+5Zy Z75mpeDH7HibIkTgFMlAJ6d/3VsN7Xmadc9YzZ7m+NvdU/r3pg+/dxQHd1zwrMPl 3V/IBVpAq0XiHUy470mruV7EUWAdB8rWIoN1AAxN61aiCrp0xZ/MIEXOqQPyswhd bO7jrJgeCUbovhi/PZMINX67zgTVt+yOfnpgwr5wLFoTXjzES1N1sdNWruGSN/VY SrGimn286l/bYaDCr5nY4o6W+RALuIMw/gJL6VBuJFcQ9aNpG9GH3JdT154TZwDt HM3LHX8tGPULeVLRFn77rdmaoaWUaEYvvBb6UvwQyTn81lx6TNCu3nVULCxNnkpp EVypMZo4SJ8nxJjfA+Ccvy1ZJimMAkb5mZvu+dVT95sN827HvYAVyvxQx1a7aeku euBjypn84Jx+tj9q4Hgkto8qwmJGar1dWab8/qh8YH1KLpfXgIoNMlUcSWjvdB53 QPv2btH48/aHnZ5Gp+0D7CxWxUtP2FoSzghlINjakJ1/zXGhGgqJoRnF9BjZ/uTG yuPbKM/5rrPKj9Q9Gc/t =rH9J -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.