PCRE Heap Overflow in Regex Processing Lets Users Execute Arbitrary Code



SecurityTracker Alert ID: 1032453

SecurityTracker URL: http://securitytracker.com/id/1032453

CVE Reference: CVE-2015-3210

Date: Jun 2 2015



Exploit Included: Yes



Version(s): 8.34, 8.35, 8.36, 8.37; PCRE2 10.10



Description: A vulnerability was reported in PCRE. A remote or local user can cause arbitrary code to be executed on the target system.



A remote or local user can create a specially crafted regular expression string that, when processed by the target application, will trigger a heap overflow in the PCRE library and execute arbitrary code on the target system. The code will run with the privileges of the target application.



Wen Guanxing from Venustech ADLAB reported this vulnerability.



Impact: A remote or local user can create a regular expression that, when loaded by the target application, will execute arbitrary code on the target system.



Solution: No solution was available at the time of this entry.



Vendor URL: www.pcre.org/







Message History: This archive entry has one or more follow-up message(s) listed below.

Jul 31 2015 (Ubuntu Issues Fix) PCRE Heap Overflow in Regex Processing Lets Users Execute Arbitrary Code

Ubuntu has issued a fix for Ubuntu 12.04 LTS, 14.04 LTS, and 15.04.

Mar 29 2016 (Ubuntu Issues Fix) PCRE Heap Overflow in Regex Processing Lets Users Execute Arbitrary Code

Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.10.








