PCRE Regular Expression Heap Based Buffer Overflow Vulnerability

PCRE is prone to a heap-based buffer-overflow vulnerability because the library fails to properly handle user-supplied input before copying data to an internal memory buffer.

The impact of successful exploits of this vulnerability depends on the application and the privileges of the user running the vulnerable library. A successful attack may ultimately permit an attacker to control the contents of critical memory control structures and write arbitrary data to arbitrary memory locations. This may allow the attacker to execute arbitrary code in the context of the application using the vulnerable library.

Versions up to and including PCRE 7.7 are vulnerable.
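A version triage check for the affected range stated above, as an added example that is not part of the original advisory or of PCRE's own code. The function name and the sample strings are assumptions constructed for illustration; the input is assumed to have the "<major>.<minor> <date>" shape that the library's pcre_version() call returns.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not a PCRE API): classify a PCRE version string
 * against the advisory's range "up to and including 7.7".
 * Returns 1 = inside the affected range, 0 = newer, -1 = unparsable. */
int pcre_version_affected(const char *ver)
{
    char *end;
    long major, minor;

    /* Require a leading digit so strtol cannot accept a sign or whitespace. */
    if (ver == NULL || !isdigit((unsigned char)ver[0]))
        return -1;
    major = strtol(ver, &end, 10);
    if (*end != '.' || !isdigit((unsigned char)end[1]))
        return -1;
    minor = strtol(end + 1, &end, 10);

    /* Older majors fall inside the range; 8.x and PCRE2 (10.x) do not. */
    if (major != 7)
        return major < 7;
    return minor <= 7;
}

int main(void)
{
    /* Constructed sample inputs; the dates are placeholders. */
    static const char *samples[] = {
        "6.6 2000-01-01", "7.7 2000-01-01", "7.8 2000-01-01",
        "8.45 2000-01-01", "10.42 2000-01-01", "unknown"
    };
    static const char *verdict[] = { "unparsable", "newer", "AFFECTED" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s %s\n", samples[i],
               verdict[pcre_version_affected(samples[i]) + 1]);
    return 0;
}
```

A version string only flags candidates for review: distribution packages may carry a backported fix while still reporting an upstream version inside the affected range.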







 

Copyright 2009, SecurityFocus