[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)
- To: "=?gb18030?b?ZnVsbGRpc2Nsb3N1cmU=?=" <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)
- From: "=?gb18030?b?enp0MDkwNw==?=" <16362505@xxxxxx>
- Date: Thu, 20 Dec 2018 09:12:12 +0800
# Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)
## Product Download: https://sourceforge.net/projects/pcre/files/pcre/
## Vulnerability Type£ºBuffer Overflow
## Attack Type : local
## Vulnerability Description
a pcretest load test PoC produces a crash overflow in the function match() in
pcre_exec.c because of a self-recursive call
> file:pcre_exec.c
> function match() line 983 and line 2061
## POC
https://github.com/followboy1999/poc/tree/master/CVE-2017-16231
./pcretest pcre_poc.txt
## Versions:PCRE 8.41
## Impact:Denial of Service
## Credit
This vulnerability was discovered by Jiawang Zhang Coordination Center of China
(CNCERT/CC)
## References
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16231
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/