Summary: | <dev-libs/libpcre-8.41: invalid memory read in _pcre32_xclass (pcre_xclass.c) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | normal | CC: | base-system | ||||
Priority: | Normal | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/ | ||||||
Whiteboard: | A3 [glsa cve] | ||||||
Package list: | Runtime testing required: | --- | |||||
Bug Depends on: | 614052 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Agostino Sarubbo
2017-03-27 09:49:11 UTC
A fuzz on libpcre1 through the pcretest utility revealed an invalid memory read. Upstream says that this bug is fixed by one of the previous commit. However I’m providing as usual the stacktrace and the reproducer, so if you are not running the latest upstream release, like happen on debian/rhel based distros, you may want to check better the status of this bug. Created attachment 475122 [details, diff] Patch for CVE-2017-7244 Fixed in > Revision: 1688 > Author: ph10 > Date: Friday, February 24, 2017 18:30:30 > Message: > Fix Unicode property crash for 32-bit characters greater than 0x10ffff. > > ---- > Modified : /code/trunk/ChangeLog > Modified : /code/trunk/maint/MultiStage2.py > Modified : /code/trunk/pcre_internal.h > Modified : /code/trunk/pcre_ucd.c (not yet released) Fixed in >=dev-libs/libpcre-8.41, stabilization will happen in bug 614052. This issue was resolved and addressed in GLSA 201710-25 at https://security.gentoo.org/glsa/201710-25 by GLSA coordinator Aaron Bauman (b-man). |