FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pcre -- heap overflow vulnerability

Affected packages
pcre < 8.38_1

Details

VuXML ID 497b82e0-f9a0-11e5-92ce-002590263bf5
Discovery 2016-02-27
Entry 2016-04-03

Mitre reports:

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

References

CVE Name CVE-2016-1283
FreeBSD PR ports/208260
URL https://bugs.exim.org/show_bug.cgi?id=1767