lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 20 Dec 2018 09:12:12 +0800
From: "zzt0907" <16362505@...com>
To: "fulldisclosure" <fulldisclosure@...lists.org>
Subject: [FD] Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)

# Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)
## Product Download: https://sourceforge.net/projects/pcre/files/pcre/
## Vulnerability Type´╝ÜBuffer Overflow
## Attack Type : local
## Vulnerability Description
a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call
> file:pcre_exec.c
> function match() line 983 and line 2061
## POC
https://github.com/followboy1999/poc/tree/master/CVE-2017-16231
./pcretest pcre_poc.txt
## Versions:PCRE 8.41
## Impact:Denial of Service
## Credit
This vulnerability was discovered by Jiawang Zhang Coordination Center of China (CNCERT/CC)
## References
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16231

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists