[3.7] pcre: match() stack overflow (CVE-2017-16231)
In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash
in the function match() in pcre_exec.c because of a self-recursive call.
(from redmine: issue id 8139, created on 2017-11-14, closed on 2017-12-07)
- parent #8138 (closed)
- Revision 62cf5b82 by Natanael Copa on 2017-12-04T09:00:29Z:
main/pcre: add secfixes comment for CVE-2017-16231 We are not affected by CVE-2017-16231 due to our build with --with-match-limit-recursion=8192. We had this option since first commit, version 7.8, and were never affected. fixes #8139
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information