[Bug 1798725] Re: Content "n\xff=" can crash libpcre when an application is matching the pattern \s*=
Alex Murray
alex.murray at canonical.com
Thu Oct 25 11:54:06 UTC 2018
I have reworked the PoC into one which allows reproducing the crash
directly just using libpcre, and have verified this works directly on
the upstream libpcre releases 8.39, 8.40, 8.41 & 8.42 - waiting on
response from upstream - https://bugs.exim.org/show_bug.cgi?id=2330#c2
** Bug watch added: bugs.exim.org/ #2330
http://bugs.exim.org/show_bug.cgi?id=2330
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pcre3 in Ubuntu.
https://bugs.launchpad.net/bugs/1798725
Title:
Content "n\xff=" can crash libpcre when an application is matching the
pattern \s*=
Status in pcre3 package in Ubuntu:
Confirmed
Bug description:
Reported upstream at https://bugs.exim.org/show_bug.cgi?id=2330 -
libpcre3 can be made to crash when matching the pattern \s*= when the
context is n\xff=
Able to reproduce on current Bionic using the PoC attached (which is
copied directly from the upstream bug report) - in a fresh Bionic VM:

  $ sudo apt install build-essential libgtk2.0-dev
  $ cd PCRE_PoC
  $ ./compilePoC.sh
  $ ./PoC
  Content:
  -------------------
  n�=
  -------------------
  Pattern:
  -------------------
  \s*=
  ---------------------
  Segmentation fault (core dumped)

Haven't yet tested the second PoC via an external disk autorun.inf and
gvfs-udisks2-volume-monitor.
Also haven't tested in Cosmic / older releases