Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 624518 (CVE-2017-11164)

Summary: dev-libs/libpcre: stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Product: Gentoo Security Reporter: Christopher Díaz Riveros (RETIRED) <chrisadr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://seclists.org/oss-sec/2017/q3/111
Whiteboard: A3 [upstream cve]
Package list:
Runtime testing required: ---

Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-11 03:15:20 UTC
From $URL:

[Suggested description]
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c
allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

------------------------------------------

[Additional Information]
This vulns like CVE-2017-9729.
it is about line 2061 (from the https://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?revision=1683&view=markup page) of 
pcre_exec.c:
Comment 1 Agostino Sarubbo gentoo-dev 2017-07-11 08:05:36 UTC
As stated on oss-sec, I'm not sure this is considered a valid bug.