624518 – (CVE-2017-11164) dev-libs/libpcre: stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Bug 624518 (CVE-2017-11164) - dev-libs/libpcre: stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Summary: dev-libs/libpcre: stack exhaustion (uncontrolled recursion) when processing a...

Status:	RESOLVED INVALID

Alias:	CVE-2017-11164

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://seclists.org/oss-sec/2017/q3/111
Whiteboard:	A3 [upstream cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-07-11 03:15 UTC by Christopher Díaz Riveros (RETIRED)
Modified:	2017-10-31 15:55 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-07-11 03:15:20 UTC

From $URL:

[Suggested description]
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c
allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

------------------------------------------

[Additional Information]
This vulns like CVE-2017-9729.
it is about line 2061 (from the https://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?revision=1683&view=markup page) of 
pcre_exec.c:

Comment 1 Agostino Sarubbo gentoo-dev

2017-07-11 08:05:36 UTC

As stated on oss-sec, I'm not sure this is considered a valid bug.