Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-336: PCRE3 Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-336: PCRE3 Vulnerability
# 1  
Old 07-17-2008
S-336: PCRE3 Vulnerability
It was discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. The risk is MEDIUM. May encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading the arbitrary code execution.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. IP Networking

Common Vulnerability

Hi there, I am trying to find info about the commonly used ports and how it can be vulnerable and to identify them? For example, I would like to identify how to man-in-the-middle using these ports 21(FTP),22(SSH),23(TELNET), (1 Reply)
Discussion started by: alvinoo
1 Replies

2. UNIX for Dummies Questions & Answers

Vulnerability Alerts

Aside from CERT, are there any additional sources for unix/linux vulnerabilities? (1 Reply)
Discussion started by: kmgrady01
1 Replies

3. Cybersecurity

SNMP Vulnerability

SNMP Vulnerability: In a few minutes wire services and other news sources will begin breaking a story about widespread vulnerabilities in SNMP (Simple Network Management Protocol). Exploits of the vulnerability cause systems to fail or to be taken over. The vulnerability can be found in... (1 Reply)
Discussion started by: dpatel
1 Replies
Login or Register to Ask a Question

LEARN ABOUT OPENSOLARIS

pcre_compile

PCRE_COMPILE(3) 					     Library Functions Manual						   PCRE_COMPILE(3)

NAME

       PCRE - Perl-compatible regular expressions

SYNOPSIS


       #include <pcre.h>

       pcre *pcre_compile(const char *pattern, int options,
	    const char **errptr, int *erroffset,
	    const unsigned char *tableptr);

DESCRIPTION


       This  function compiles a regular expression into an internal form. It is the same as pcre_compile2(), except for the absence of the error-
       codeptr argument. Its arguments are:

	 pattern       A zero-terminated string containing the
			 regular expression to be compiled
	 options       Zero or more option bits
	 errptr        Where to put an error message
	 erroffset     Offset in pattern where error was found
	 tableptr      Pointer to character tables, or NULL to
			 use the built-in default

       The option bits are:

	 PCRE_ANCHORED		 Force pattern anchoring
	 PCRE_AUTO_CALLOUT	 Compile automatic callouts
	 PCRE_BSR_ANYCRLF	 R matches only CR, LF, or CRLF
	 PCRE_BSR_UNICODE	 R matches all Unicode line endings
	 PCRE_CASELESS		 Do caseless matching
	 PCRE_DOLLAR_ENDONLY	 $ not to match newline at end
	 PCRE_DOTALL		 . matches anything including NL
	 PCRE_DUPNAMES		 Allow duplicate names for subpatterns
	 PCRE_EXTENDED		 Ignore whitespace and # comments
	 PCRE_EXTRA		 PCRE extra features
				   (not much use currently)
	 PCRE_FIRSTLINE 	 Force matching to be before newline
	 PCRE_JAVASCRIPT_COMPAT  JavaScript compatibility
	 PCRE_MULTILINE 	 ^ and $ match newlines within data
	 PCRE_NEWLINE_ANY	 Recognize any Unicode newline sequence
	 PCRE_NEWLINE_ANYCRLF	 Recognize CR, LF, and CRLF as newline
				   sequences
	 PCRE_NEWLINE_CR	 Set CR as the newline sequence
	 PCRE_NEWLINE_CRLF	 Set CRLF as the newline sequence
	 PCRE_NEWLINE_LF	 Set LF as the newline sequence
	 PCRE_NO_AUTO_CAPTURE	 Disable numbered capturing paren-
				   theses (named ones available)
	 PCRE_UNGREEDY		 Invert greediness of quantifiers
	 PCRE_UTF8		 Run in UTF-8 mode
	 PCRE_NO_UTF8_CHECK	 Do not check the pattern for UTF-8
				   validity (only relevant if
				   PCRE_UTF8 is set)

       PCRE must be built with UTF-8 support in order to use PCRE_UTF8 and PCRE_NO_UTF8_CHECK.

       The yield of the function is a pointer to a private data structure that contains the compiled pattern, or NULL if an  error  was  detected.
       Note  that  compiling regular expressions with one version of PCRE for use with a different version is not guaranteed to work and may cause
       crashes.

       There is a complete description of the PCRE native API in the pcreapi page and a description of the POSIX API in the pcreposix page.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +--------------------+-----------------+
       |  ATTRIBUTE TYPE    | ATTRIBUTE VALUE |
       +--------------------+-----------------+
       |Availability	    | SUNWpcre	      |
       +--------------------+-----------------+
       |Interface Stability | Uncommitted     |
       +--------------------+-----------------+
NOTES

       Source for PCRE is available on http://opensolaris.org.

																   PCRE_COMPILE(3)