Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - PCRE: buffer overflow

May 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

When the attacker can change a PCRE regular expression, he can generate an overflow in an application using the PCRE library, leading to a denial of service and possibly to code execution.

Severity: 2/4

Creation date: 06/05/2010

DESCRIPTION OF THE VULNERABILITY

The PCRE library implements Perl compatible regular expressions (different than POSIX).

The pcre_compile.c file checks if the regular expression is too long, and returns an error. However, this check is done after the overflow. This check is thus inefficient.

When the attacker can change a PCRE regular expression, he can therefore generate an overflow in an application using the PCRE library, leading to a denial of service and possibly to code execution.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/P...




See previous articles

    

See next articles