| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_A786522C4D809AC127F67E2097EFD95D2406@qq.com> Date: Thu, 20 Dec 2018 09:12:12 +0800 From: "zzt0907" <16362505@...com> To: "fulldisclosure" <fulldisclosure@...lists.org> Subject: [FD] Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231) # Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231) ## Product Download: https://sourceforge.net/projects/pcre/files/pcre/ ## Vulnerability Type:Buffer Overflow ## Attack Type : local ## Vulnerability Description a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call > file:pcre_exec.c > function match() line 983 and line 2061 ## POC https://github.com/followboy1999/poc/tree/master/CVE-2017-16231 ./pcretest pcre_poc.txt ## Versions:PCRE 8.41 ## Impact:Denial of Service ## Credit This vulnerability was discovered by Jiawang Zhang Coordination Center of China (CNCERT/CC) ## References CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16231 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists