FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pcre -- multiple vulnerabilities

Affected packages
pcre < 8.37_1

Details

VuXML ID e69af246-0ae2-11e5-90e4-d050996490d0
Discovery 2015-05-29
Entry 2015-06-04
Modified 2015-06-07

Venustech ADLAB reports:

PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex.

PCRE library is prone to a vulnerability which leads to Stack Overflow. Without enough bound checking inside match(), the stack memory could be overflowed via a crafted regular expression.

References

CVE Name CVE-2015-3210
CVE Name CVE-2015-3217
URL https://bugs.exim.org/show_bug.cgi?id=1636
URL https://bugs.exim.org/show_bug.cgi?id=1638