[v3.2] pcre: PCRE Library Call Stack Overflow Vulnerability in match() (CVE-2015-3217)
Latest version of PCRE is prone to a Stack Overflow vulnerability which could caused by the following regular expression.
/\\.|([\\\\W_])?))$/
Affected
PCRE 8.33, 8.34, 8.35, 8.36, 8.37 are confirmed to be vulnerable.
PCRE2 10.10 is also confirmed to be vulnerable.
Other applications may also be affected.
Reference: https://bugs.exim.org/show\_bug.cgi?id=1638
(from redmine: issue id 4291, created on 2015-06-10, closed on 2019-05-03)
- Relations:
- parent #4287
- Changesets:
- Revision 11877995 by Natanael Copa on 2015-07-07T13:43:11Z:
main/pcre: various security fixes
CVE-2015-3210
CVE-2015-3217
CVE-2015-5073
fixes #4291
fixes #4404
(cherry picked from commit 77345a923c72d9e8d0a4202d893239ba43b903a3)