[3.0] pcre: Several vulnerabilities (CVE-2016-1283, CVE-2016-3191)
CVE-2016-1283: heap buffer overflow in handling of duplicate named groups
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles
the /((?:F?a\"){99}-))(?J)(?‘R’(?‘R’<((?‘RR’(?‘R’\){97)?J)?J)(?‘R’(?‘R’\){99|
(:(?|(?‘R’)(\k’R’)|((?‘R’)))H’R’R)(H’R))))))/ pattern and related
patterns with named subgroups, which allows remote attackers to cause a
denial of service (heap-based buffer overflow) or possibly have unspecified
other impact via a crafted regular expression, as demonstrated by a
JavaScript RegExp object encountered by Konqueror.
Fixed In Version:
pcre 8.39
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1283
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1283
Patch:
http://vcs.pcre.org/pcre?view=revision&revision=1636
CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply nested parentheses
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39
and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns
containing an (*ACCEPT) substring in conjunction with nested parentheses,
which allows remote attackers to execute arbitrary code or cause a denial
of service (stack-based buffer overflow) via a crafted regular expression,
as demonstrated by a JavaScript RegExp object encountered by Konqueror,
aka ZDI-CAN-3542.
Fixed In Version:
pcre 8.39, pcre2 10.22
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-3191
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3191
Patch:
http://vcs.pcre.org/pcre?view=revision&revision=1631
(from redmine: issue id 5476, created on 2016-04-21, closed on 2016-05-10)
- Relations:
- parent #5471 (closed)
- Changesets:
- Revision 1e470988 on 2016-05-09T12:17:34Z:
main/pcre: several fixes including CVEs
Fixes #5476
Fixes #5470
Fixes #5466
CVE-2016-1283
CVE-2016-3191
CVE-2015-8380
CVE-2015-8381
CVE-2015-8383
CVE-2015-8384
CVE-2015-8392
CVE-2015-8393
CVE-2015-8394
CVE-2015-8382
(cherry picked from commit ae07363ba5d06022ffa7d161ab322fae828b7600)
Conflicts:
main/pcre/APKBUILD
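
A version check against the "Fixed In Version" values above, as an added example that is not part of the original issue or of the PCRE or Alpine code. The function names are hypothetical, and the check assumes every release below the fixed version is affected, which is broader than the single 8.38 release the CVE-2016-1283 text names. It accepts the forms a version usually arrives in: a bare "8.38", a package version such as "8.38-r1", or the string returned by pcre_version().

```shell
#!/bin/sh
# Added example. Fixed versions come from the issue text: pcre 8.39, pcre2 10.22.

# to_int STRING: leading digits of STRING as a decimal integer ("08-r1" -> 8).
to_int() {
    n=$(printf '%s' "$1" | sed 's/[^0-9].*$//; s/^0*//')
    printf '%s' "${n:-0}"
}

# version_lt A B: true when major.minor of A is lower than major.minor of B.
# Anything after the minor number (date, -r1, -RC1) is ignored.
version_lt() {
    a_major=$(to_int "${1%%.*}")
    b_major=$(to_int "${2%%.*}")
    case $1 in *.*) a_minor=$(to_int "${1#*.}") ;; *) a_minor=0 ;; esac
    case $2 in *.*) b_minor=$(to_int "${2#*.}") ;; *) b_minor=0 ;; esac
    [ "$a_major" -lt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -lt "$b_minor" ]
}

# pcre_cves FAMILY VERSION: print the CVEs from this issue that VERSION predates.
# FAMILY is "pcre" (8.x library) or "pcre2" (10.x library).
pcre_cves() {
    case $1 in
        pcre)  version_lt "$2" 8.39  && printf '%s\n' CVE-2016-1283 CVE-2016-3191 ;;
        pcre2) version_lt "$2" 10.22 && printf '%s\n' CVE-2016-3191 ;;
        *)     echo "unknown family: $1" >&2; return 2 ;;
    esac
    return 0
}

# Stand-alone use: ./pcre_check.sh pcre "8.38-r1"   (script name is hypothetical)
if [ $# -ge 2 ]; then
    pcre_cves "$1" "$2"
fi
```

A distribution package can carry backported fixes without changing the upstream version number, so treat a match as a prompt to check the package changelog rather than as confirmation.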