PublicDateAtUSN: 2015-12-01
Candidate: CVE-2015-8381
PublicDate: 2015-12-01
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8381
http://www.openwall.com/lists/oss-security/2015/08/24/1
http://www.openwall.com/lists/oss-security/2015/08/05/3
http://www.openwall.com/lists/oss-security/2015/11/29/1
http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
http://www.ubuntu.com/usn/usn-2943-1
Description:
The compile_regex function in pcre_compile.c in PCRE before 8.38 and
pcre2_compile.c in PCRE2 before 10.2x mishandles the
/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and
/(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/
patterns, and related patterns with certain group references, which allows
remote attackers to cause a denial of service (heap-based buffer overflow)
or possibly have unspecified other impact via a crafted regular expression,
as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Ubuntu-Description:
Notes:
tyhicks> Marking 'low' since it requires PCRE to operate on untrusted regular
expressions which is not very likely
mdeslaur> introduced in 8.34
mdeslaur>
mdeslaur> 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch
mdeslaur> in jessie
Bugs:
https://launchpad.net/bugs/1549609
https://bugs.exim.org/show_bug.cgi?id=1667
https://bugs.exim.org/show_bug.cgi?id=1672
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795539
https://bugzilla.redhat.com/show_bug.cgi?id=1250943
Priority: low
Discovered-by: Wen Guanxing
Assigned-to:
Patches_pcre3:
upstream: http://vcs.pcre.org/pcre?view=revision&revision=1594
upstream_pcre3: released (8.38)
precise_pcre3: not-affected
precise/esm_pcre3: not-affected
trusty_pcre3: not-affected (reproducer doesn't work)
vivid_pcre3: ignored (reached end-of-life)
vivid/stable-phone-overlay_pcre3: pending (2:8.35-3.3ubuntu1.3)
vivid/ubuntu-core_pcre3: released (2:8.35-3.3ubuntu1.2)
wily_pcre3: released (2:8.35-7.1ubuntu1.3)
xenial_pcre3: not-affected (2:8.38-3)
yakkety_pcre3: not-affected (2:8.38-3)
zesty_pcre3: not-affected (2:8.38-3)
devel_pcre3: not-affected (2:8.38-3)
Patches_pcre2:
upstream_pcre2: released (10.20-3)
precise_pcre2: DNE
precise/esm_pcre2: DNE
trusty_pcre2: DNE
vivid_pcre2: DNE
vivid/stable-phone-overlay_pcre2: DNE
vivid/ubuntu-core_pcre2: DNE
wily_pcre2: DNE
xenial_pcre2: not-affected (10.20-3)
yakkety_pcre2: not-affected (10.20-3)
zesty_pcre2: not-affected (10.20-3)
devel_pcre2: not-affected (10.20-3)