[v3.1] pcre: heap buffer overflow (CVE-2014-8964)
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
•MLIST:[oss-security] 20141121 Re: CVE request: heap buffer overflow in PCRE
•URL: http://www.openwall.com/lists/oss-security/2014/11/21/6
•CONFIRM: http://bugs.exim.org/show_bug.cgi?id=1546
•CONFIRM: http://www.exim.org/viewvc/pcre?view=revision&revision=1513
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1166147
•FEDORA:FEDORA-2014-15573
•URL: http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html
http://seclists.org/oss-sec/2014/q4/746
(from redmine: issue id 3735, created on 2015-01-23, closed on 2015-08-07)
- Relations:
- parent #3731 (closed)
- Changesets:
- Revision 532e5884 by Natanael Copa on 2015-01-25T11:35:54Z:
main/pcre: security fix for CVE-2014-8964
ref #3731
fixes #3735
(cherry picked from commit 656ff36b75f24b7f58cdc79362a8a975460fb1db)