Security Advisories (11)
CVE-2006-7230
(2007-11-15)
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
- http://www.pcre.org/changelog.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=384801
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://www.redhat.com/support/errata/RHSA-2007-1059.html
- http://www.redhat.com/support/errata/RHSA-2007-1068.html
- http://www.novell.com/linux/security/advisories/2007_62_pcre.html
- http://www.securityfocus.com/bid/26550
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/27773
- http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm
- http://secunia.com/advisories/28041
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
- http://secunia.com/advisories/28658
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://secunia.com/advisories/30106
- http://www.debian.org/security/2008/dsa-1570
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911
CVE-2007-1660
(2007-11-07)
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
- http://www.debian.org/security/2007/dsa-1399
- http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
- https://issues.rpath.com/browse/RPL-1738
- http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:212
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:213
- http://www.redhat.com/support/errata/RHSA-2007-0967.html
- http://www.redhat.com/support/errata/RHSA-2007-0968.html
- http://www.redhat.com/support/errata/RHSA-2007-1063.html
- http://www.redhat.com/support/errata/RHSA-2007-1065.html
- http://www.novell.com/linux/security/advisories/2007_62_pcre.html
- http://www.novell.com/linux/security/advisories/2007_25_sr.html
- http://www.securityfocus.com/bid/26346
- http://securitytracker.com/id?1018895
- http://secunia.com/advisories/27598
- http://secunia.com/advisories/27538
- http://secunia.com/advisories/27543
- http://secunia.com/advisories/27547
- http://secunia.com/advisories/27554
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/27773
- http://secunia.com/advisories/27697
- http://secunia.com/advisories/27862
- http://secunia.com/advisories/27776
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://secunia.com/advisories/27965
- http://secunia.com/advisories/28136
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
- http://secunia.com/advisories/28658
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://secunia.com/advisories/29420
- http://lists.vmware.com/pipermail/security-announce/2008/000014.html
- http://secunia.com/advisories/29785
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://www.redhat.com/support/errata/RHSA-2008-0546.html
- http://secunia.com/advisories/31124
- https://bugzilla.redhat.com/show_bug.cgi?id=315881
- http://secunia.com/advisories/30106
- http://www.debian.org/security/2008/dsa-1570
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2008/0924/references
- http://www.vupen.com/english/advisories/2008/1234/references
- http://www.vupen.com/english/advisories/2007/3725
- http://www.vupen.com/english/advisories/2007/3790
- http://docs.info.apple.com/article.html?artnum=307562
- http://docs.info.apple.com/article.html?artnum=307179
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38273
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562
- https://usn.ubuntu.com/547-1/
- http://www.securityfocus.com/archive/1/490917/100/0/threaded
- http://www.securityfocus.com/archive/1/483579/100/0/threaded
- http://www.securityfocus.com/archive/1/483357/100/0/threaded
CVE-2007-1659
(2007-11-07)
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
- http://www.pcre.org/changelog.txt
- http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
- https://issues.rpath.com/browse/RPL-1738
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:212
- http://www.redhat.com/support/errata/RHSA-2007-0967.html
- http://www.redhat.com/support/errata/RHSA-2007-1068.html
- http://www.novell.com/linux/security/advisories/2007_62_pcre.html
- http://www.novell.com/linux/security/advisories/2007_25_sr.html
- http://www.securityfocus.com/bid/26346
- http://securitytracker.com/id?1018895
- http://secunia.com/advisories/27598
- http://secunia.com/advisories/27538
- http://secunia.com/advisories/27543
- http://secunia.com/advisories/27547
- http://secunia.com/advisories/27554
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/27773
- http://secunia.com/advisories/27697
- http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://secunia.com/advisories/28041
- http://secunia.com/advisories/27965
- http://secunia.com/advisories/28136
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
- http://secunia.com/advisories/28658
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
- http://secunia.com/advisories/29267
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://secunia.com/advisories/29420
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://secunia.com/advisories/30106
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2008/0924/references
- http://www.vupen.com/english/advisories/2007/3725
- http://www.vupen.com/english/advisories/2007/3790
- http://www.debian.org/security/2007/dsa-1399
- http://www.debian.org/security/2008/dsa-1570
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38272
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725
- https://usn.ubuntu.com/547-1/
- http://www.securityfocus.com/archive/1/483579/100/0/threaded
- http://www.securityfocus.com/archive/1/483357/100/0/threaded
CVE-2007-1661
(2007-11-07)
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
- http://www.pcre.org/changelog.txt
- http://www.debian.org/security/2007/dsa-1399
- http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
- https://issues.rpath.com/browse/RPL-1738
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
- http://www.novell.com/linux/security/advisories/2007_62_pcre.html
- http://www.securityfocus.com/bid/26346
- http://secunia.com/advisories/27538
- http://secunia.com/advisories/27543
- http://secunia.com/advisories/27554
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/27773
- http://secunia.com/advisories/27697
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://secunia.com/advisories/28136
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
- http://secunia.com/advisories/29267
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://secunia.com/advisories/29420
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://secunia.com/advisories/30106
- http://www.debian.org/security/2008/dsa-1570
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2007/3790
- http://www.vupen.com/english/advisories/2007/3725
- http://www.vupen.com/english/advisories/2008/0924/references
- http://docs.info.apple.com/article.html?artnum=307562
- http://docs.info.apple.com/article.html?artnum=307179
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38274
- https://usn.ubuntu.com/547-1/
- http://www.securityfocus.com/archive/1/483579/100/0/threaded
- http://www.securityfocus.com/archive/1/483357/100/0/threaded
CVE-2007-1662
(2007-11-07)
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.
- http://www.pcre.org/changelog.txt
- http://www.debian.org/security/2007/dsa-1399
- http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
- https://issues.rpath.com/browse/RPL-1738
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
- http://www.securityfocus.com/bid/26346
- http://secunia.com/advisories/27538
- http://secunia.com/advisories/27543
- http://secunia.com/advisories/27554
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/27697
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://secunia.com/advisories/28136
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
- http://secunia.com/advisories/29267
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://secunia.com/advisories/29420
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://secunia.com/advisories/30106
- http://www.debian.org/security/2008/dsa-1570
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2007/3790
- http://www.vupen.com/english/advisories/2007/3725
- http://www.vupen.com/english/advisories/2008/0924/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38275
- https://usn.ubuntu.com/547-1/
- http://www.securityfocus.com/archive/1/483579/100/0/threaded
- http://www.securityfocus.com/archive/1/483357/100/0/threaded
CVE-2007-4766
(2007-11-07)
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
- http://www.pcre.org/changelog.txt
- http://www.debian.org/security/2007/dsa-1399
- http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
- https://issues.rpath.com/browse/RPL-1738
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
- http://www.novell.com/linux/security/advisories/2007_62_pcre.html
- http://www.securityfocus.com/bid/26346
- http://secunia.com/advisories/27538
- http://secunia.com/advisories/27543
- http://secunia.com/advisories/27554
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/27773
- http://secunia.com/advisories/27697
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://secunia.com/advisories/28136
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
- http://secunia.com/advisories/29267
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://secunia.com/advisories/29420
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://www.debian.org/security/2008/dsa-1570
- http://secunia.com/advisories/30106
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2007/3790
- http://www.vupen.com/english/advisories/2007/3725
- http://www.vupen.com/english/advisories/2008/0924/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38276
- https://usn.ubuntu.com/547-1/
- http://www.securityfocus.com/archive/1/483579/100/0/threaded
- http://www.securityfocus.com/archive/1/483357/100/0/threaded
CVE-2007-4767
(2007-11-07)
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
- http://www.pcre.org/changelog.txt
- http://www.debian.org/security/2007/dsa-1399
- http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
- https://issues.rpath.com/browse/RPL-1738
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
- http://www.novell.com/linux/security/advisories/2007_62_pcre.html
- http://www.securityfocus.com/bid/26346
- http://secunia.com/advisories/27538
- http://secunia.com/advisories/27543
- http://secunia.com/advisories/27554
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/27773
- http://secunia.com/advisories/27697
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://secunia.com/advisories/28136
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
- http://secunia.com/advisories/29267
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://secunia.com/advisories/29420
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://secunia.com/advisories/30106
- http://www.debian.org/security/2008/dsa-1570
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2007/3790
- http://www.vupen.com/english/advisories/2007/3725
- http://www.vupen.com/english/advisories/2008/0924/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38277
- https://usn.ubuntu.com/547-1/
- http://www.securityfocus.com/archive/1/483579/100/0/threaded
- http://www.securityfocus.com/archive/1/483357/100/0/threaded
CVE-2007-4768
(2007-11-07)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
- http://www.debian.org/security/2007/dsa-1399
- http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
- https://issues.rpath.com/browse/RPL-1738
- http://security.gentoo.org/glsa/glsa-200711-30.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
- http://www.securityfocus.com/bid/26346
- http://secunia.com/advisories/27538
- http://secunia.com/advisories/27543
- http://secunia.com/advisories/27554
- http://secunia.com/advisories/27741
- http://secunia.com/advisories/27697
- http://www.adobe.com/support/security/bulletins/apsb07-20.html
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.redhat.com/support/errata/RHSA-2007-1126.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.us-cert.gov/cas/techalerts/TA07-355A.html
- http://securitytracker.com/id?1019116
- http://secunia.com/advisories/28136
- http://secunia.com/advisories/28157
- http://secunia.com/advisories/28161
- http://bugs.gentoo.org/show_bug.cgi?id=198976
- http://security.gentoo.org/glsa/glsa-200801-02.xml
- http://secunia.com/advisories/28406
- http://secunia.com/advisories/28414
- http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
- http://secunia.com/advisories/28570
- http://security.gentoo.org/glsa/glsa-200801-18.xml
- http://security.gentoo.org/glsa/glsa-200801-19.xml
- http://secunia.com/advisories/28714
- http://secunia.com/advisories/28720
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
- http://secunia.com/advisories/28213
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
- http://secunia.com/advisories/29267
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://secunia.com/advisories/29420
- http://www.adobe.com/support/security/bulletins/apsb08-13.html
- http://security.gentoo.org/glsa/glsa-200805-11.xml
- http://secunia.com/advisories/30155
- http://secunia.com/advisories/30219
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
- http://secunia.com/advisories/30507
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
- http://secunia.com/advisories/30840
- http://secunia.com/advisories/30106
- http://www.debian.org/security/2008/dsa-1570
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2007/4258
- http://www.vupen.com/english/advisories/2008/1966/references
- http://www.vupen.com/english/advisories/2008/0924/references
- http://www.vupen.com/english/advisories/2008/1724/references
- http://www.vupen.com/english/advisories/2007/3725
- http://www.vupen.com/english/advisories/2007/3790
- http://docs.info.apple.com/article.html?artnum=307562
- http://docs.info.apple.com/article.html?artnum=307179
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38278
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701
- https://usn.ubuntu.com/547-1/
- http://www.securityfocus.com/archive/1/483579/100/0/threaded
- http://www.securityfocus.com/archive/1/483357/100/0/threaded
CVE-2015-2325
(2020-01-14)
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
CVE-2015-2326
(2020-01-14)
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
CVE-2015-8382
(2015-12-02)
The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
- https://bugs.exim.org/show_bug.cgi?id=1537
- http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
- http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510
- https://bugzilla.redhat.com/show_bug.cgi?id=1187225
- http://www.openwall.com/lists/oss-security/2015/08/04/3
- http://www.openwall.com/lists/oss-security/2015/11/29/1
- http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834
- http://www.securityfocus.com/bid/76157
- https://bto.bluecoat.com/security-advisory/sa128
NAME
Evalbot
DESCRIPTION
This is a small IRC bot using Net::IRC to eval() commands.
ARCHITECTURE
evalbot.p6 is the main bot, written in Perl 6. To run a command, it spawns evalhelper.p5, a Perl 5 program. This sets up the necessary environment (PUGS_SAFEMODE, redirection of STDOUT and STDERR to a temporary file, resource limits, etc.). Finnaly, evalhelper.p5 runs pugs.
INSTALLATION
There's no installation, simply run evalbot.p6 supplying a nick and an IRC server to connect to:
$ pugs evalbot.p6 evalbot6 irc.freenode.net:6667You don't have to restart evalbot.p6 when you've installed a new Pugs, as a new pugs is spawned on each command to eval.
AUTHOR
Ingo Blechschmidt, <iblech@web.de>
Module Install Instructions
To install Perl6::Pugs, copy and paste the appropriate command in to your terminal.
cpanm Perl6::Pugsperl -MCPAN -e shell
install Perl6::PugsFor more information on module installation, please visit the detailed CPAN module installation guide.