[3.6] pcre: OP_KETRMAX feature in the match function in pcre_exec.c (CVE-2017-11164)
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
References:
http://seclists.org/oss-sec/2017/q3/111
http://openwall.com/lists/oss-security/2017/07/11/3
(from redmine: issue id 7702, created on 2017-08-18, closed on 2019-05-03)
- Relations:
  - parent #7700 (closed)
- Changesets:
  - Revision 94e8d1e4 by Natanael Copa on 2017-08-29T21:36:24Z:

    main/pcre: add secfix comment for CVE-2017-11164

    We have had the compile option --with-match-limit-recursion=8192 since
    the very first commit so we have never been affected by this CVE.

    fixes #7702