[Bug 1311503] New: pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)
5:42 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Bug ID: 1311503
Summary: pcre: workspace overflow for (*ACCEPT) with deeply
nested parentheses (8.39/13, 10.22/12)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: thoger(a)redhat.com
CC: adam.stokes(a)gmail.com, andrew(a)beekhof.net,
csutherl(a)redhat.com, databases-maint(a)redhat.com,
dknox(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fidencio(a)redhat.com, jclere(a)redhat.com,
jdornak(a)redhat.com, jdoyle(a)redhat.com,
jgrulich(a)redhat.com, jorton(a)redhat.com,
klember(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk,
marcandre.lureau(a)redhat.com, mbabacek(a)redhat.com,
mclasen(a)redhat.com, mmaslano(a)redhat.com,
myarboro(a)redhat.com, pmyers(a)valanet.net,
ppisar(a)redhat.com, pslavice(a)redhat.com,
rcollet(a)redhat.com, rjones(a)redhat.com,
rmeggins(a)redhat.com, rsvoboda(a)redhat.com,
t.sailer(a)alumni.ethz.ch, twalsh(a)redhat.com,
walters(a)redhat.com, webstack-team(a)redhat.com,
weli(a)redhat.com
ZDI reported a stack-based buffer overflow in pcre and pcre2. ZDI-CAN-3542 id
is used to identify the issue.
https://bugs.exim.org/show_bug.cgi?id=1791
PCRE does not validate that handling the (*ACCEPT) verb will occur within
the bounds of the cworkspace stack buffer, leading to a stack buffer
overflow.
Fixed upstream in pcre and pcre2 via the following commits:
http://vcs.pcre.org/pcre?view=revision&revision=1631
http://vcs.pcre.org/pcre2?view=revision&revision=489
Issue is triggered by the following pattern:
/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
PCRE 8.00 seems to be the first affected version.
--
You are receiving this mail because:
You are on the CC list for the bug.
5:42 a.m.
New subject: [Bug 1311503] pcre: workspace overflow for (*ACCEPT) with deeply
nested parentheses (8.39/13, 10.22/12)
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1295388
--
You are receiving this mail because:
You are on the CC list for the bug.
5:52 a.m.
Hello,
Ok, I am unfortunately unsubscribing from fedora-mingw as there is too much
emails from bugzilla. I suggested to not send the security emails, but it seems nobody
cares.
Thanks,
Nerijus
On Wed, 24 Feb 2016 11:42:30 +0000 bugzilla(a)redhat.com wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
6:06 a.m.
New subject: [Bug 1311503] pcre: workspace overflow for (*ACCEPT) with deeply
nested parentheses (8.39/13, 10.22/12)
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
--- Comment #1 from Tomas Hoger <thoger(a)redhat.com> ---
The above fix was already applied to Fedora pcre and pcre2 packages.
--
You are receiving this mail because:
You are on the CC list for the bug.
5:26 a.m.
New subject: [Bug 1311503] pcre: workspace overflow for (*ACCEPT) with deeply
nested parentheses (8.39/13, 10.22/12)
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Andrej Nemec <anemec(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Alias| |CVE-2016-3191
--
You are receiving this mail because:
You are on the CC list for the bug.
5:26 a.m.
New subject: [Bug 1311503] CVE-2016-3191 pcre: workspace overflow for (*ACCEPT)
with deeply nested parentheses (8.39/13, 10.22/12)
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Andrej Nemec <anemec(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|pcre: workspace overflow |CVE-2016-3191 pcre:
|for (*ACCEPT) with deeply |workspace overflow for
|nested parentheses |(*ACCEPT) with deeply
|(8.39/13, 10.22/12) |nested parentheses
| |(8.39/13, 10.22/12)
--
You are receiving this mail because:
You are on the CC list for the bug.
5:27 a.m.
New subject: [Bug 1311503] CVE-2016-3191 pcre: workspace overflow for (*ACCEPT)
with deeply nested parentheses (8.39/13, 10.22/12)
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
--- Comment #2 from Andrej Nemec <anemec(a)redhat.com> ---
CVE assigned by Mitre today, via CVENEW.
--
You are receiving this mail because:
You are on the CC list for the bug.
3:50 a.m.
New subject: [Bug 1311503] CVE-2016-3191 pcre: workspace overflow for (*ACCEPT)
with deeply nested parentheses (8.39/13, 10.22/12)
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |high
Whiteboard|impact=moderate,public=2016 |impact=important,public=201
|0209,reported=20160224,sour |60209,reported=20160224,sou
|ce=internet,cwe=CWE-121,rhe |rce=internet,cvss2=6.8/AV:N
|l-5/pcre=notaffected,rhel-6 |/AC:M/Au:N/C:P/I:P/A:P,cwe=
|/pcre=notaffected,rhel-7/pc |CWE-121,rhel-5/pcre=notaffe
|re=affected,fedora-all/pcre |cted,rhel-6/pcre=notaffecte
|=affected,fedora-all/mingw- |d,rhel-7/pcre=affected,fedo
|pcre=affected,epel-7/mingw- |ra-all/pcre=affected,fedora
|pcre=affected,fedora-all/pc |-all/mingw-pcre=affected,ep
|re2=affected,epel-all/pcre2 |el-7/mingw-pcre=affected,fe
|=affected,rhel-6/glib2=affe |dora-all/pcre2=affected,epe
|cted,rhel-7/glib2=affected, |l-all/pcre2=affected,rhel-6
|fedora-all/glib2=affected,f |/glib2=affected,rhel-7/glib
|edora-all/mingw-glib2=affec |2=affected,fedora-all/glib2
|ted,epel-7/mingw-glib2=affe |=affected,fedora-all/mingw-
|cted,rhel-7/virtuoso-openso |glib2=affected,epel-7/mingw
|urce=notaffected,rhscl-2/ph |-glib2=affected,rhel-7/virt
|p54-php=affected,rhscl-2/ph |uoso-opensource=notaffected
|p55-php=affected,rhscl-2/rh |,rhscl-2/php54-php=affected
|-php56-php=affected,rhscl-2 |,rhscl-2/php55-php=affected
|/rh-mariadb100-mariadb=affe |,rhscl-2/rh-php56-php=affec
|cted,rhscl-2/rh-mariadb101- |ted,rhscl-2/rh-mariadb100-m
|mariadb=affected,jbews-1/ht |ariadb=affected,rhscl-2/rh-
|tpd=notaffected,jbews-2/htt |mariadb101-mariadb=affected
|pd=notaffected,jbews-3/pcre |,jbews-1/httpd=notaffected,
|=wontfix,directory_server_8 |jbews-2/httpd=notaffected,j
|/pcre=notaffected |bews-3/pcre=wontfix,directo
| |ry_server_8/pcre=notaffecte
| |d
Severity|medium |high
--
You are receiving this mail because:
You are on the CC list for the bug.
6:01 a.m.
New subject: [Bug 1311503] CVE-2016-3191 pcre: workspace overflow for (*ACCEPT)
with deeply nested parentheses (8.39/13, 10.22/12)
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1330490
Depends On| |1330491
--
You are receiving this mail because:
You are on the CC list for the bug.
6:04 a.m.
New subject: [Bug 1311503] CVE-2016-3191 pcre: workspace overflow for (*ACCEPT)
with deeply nested parentheses (8.39/13, 10.22/12)
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1330494
--
You are receiving this mail because:
You are on the CC list for the bug.
6:41 a.m.
New subject: [Bug 1311503] CVE-2016-3191 pcre: workspace overflow for (*ACCEPT)
with deeply nested parentheses (8.39/13, 10.22/12)
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1330508
Depends On| |1330509
--
You are receiving this mail because:
You are on the CC list for the bug.
8:08 a.m.
New subject: [Bug 1311503] CVE-2016-3191 pcre: workspace overflow for (*ACCEPT)
with deeply nested parentheses (8.39/13, 10.22/12)
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
--- Comment #6 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:1025 https://rhn.redhat.com/errata/RHSA-2016-1025.html
--
You are receiving this mail because:
You are on the CC list for the bug.
2912
days inactive
2989
days old
11 comments
2 participants
participants (2)
-
Nerijus Baliunas -
Red Hat Bugzilla