Bugzilla – Bug 936227
VUL-1: CVE-2015-5073: pcre: Library Heap Overflow Vulnerability in find_fixedlength()
Last modified: 2020-09-23 16:43:10 UTC
CVE-2015-5073 http://seclists.org/oss-sec/2015/q2/806 yet another pcre regular expression bug. From: Guanxing Wen <wengx522 () gmail com> Date: Fri, 26 Jun 2015 10:28:12 +0800 Hi, PCRE is a regular expression C library inspired by the regular expression capabilities in the Perl programming language. The PCRE library is incorporated into a number of prominent programs, such as Adobe Flash, Apache, Nginx, PHP. PCRE library is prone to a vulnerability which leads to Heap Overflow. During subpattern calculation of a malformed regular expression, an offset that is used as an array index is fully controlled and can be large enough so that unexpected heap memory regions are accessed. One could at least exploit this issue to read objects nearby of the affected application's memory. Such information discloure may also be used to bypass memory protection method such as ASLR. Reference: https://bugs.exim.org/show_bug.cgi?id=1651
bugbot adjusting priority
pcre change: http://vcs.pcre.org/pcre?view=revision&revision=1571 r1571 | ph10 | 2015-06-23 18:34:53 +0200 (Tue, 23 Jun 2015) | 3 lines Changed paths: M /code/trunk/ChangeLog M /code/trunk/pcre_compile.c M /code/trunk/testdata/testinput2 M /code/trunk/testdata/testoutput2 Fix buffer overflow for forward reference within backward assertion with excess closing parenthesis. Bugzilla 1651. The corresponding pcre2 change is: http://vcs.pcre.org/pcre2?view=revision&revision=192 r192 | ph10 | 2015-02-06 17:47:15 +0100 (Fri, 06 Feb 2015) | 3 lines Changed paths: M /code/trunk/ChangeLog M /code/trunk/src/pcre2_auto_possess.c M /code/trunk/src/pcre2_compile.c M /code/trunk/src/pcre2_error.c M /code/trunk/src/pcre2_internal.h Give an internal error for a bad opcode during auto-possessification. This can stop a loop when compiling an invalid UTF string with PCRE2_NO_UTF_CHECK. This is already contained in the pcre2-10.10 release. pcre2 in Factory not affected.
This is an autogenerated message for OBS integration: This bug (936227) was mentioned in https://build.opensuse.org/request/show/437711 13.2 / pcre
openSUSE-SU-2016:2805-1: An update that solves 6 vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 933288,933878,936227,942865,957566,957598,960837,971741,972127 CVE References: CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2016-1283,CVE-2016-3191 Sources used: openSUSE 13.2 (src): pcre-8.39-3.8.1
SUSE-SU-2016:2971-1: An update that fixes 25 vulnerabilities is now available. Category: security (moderate) Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127 CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP2 (src): pcre-8.39-5.1 SUSE Linux Enterprise Workstation Extension 12-SP1 (src): pcre-8.39-5.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): pcre-8.39-5.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): pcre-8.39-5.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): pcre-8.39-5.1 SUSE Linux Enterprise Server 12-SP2 (src): pcre-8.39-5.1 SUSE Linux Enterprise Server 12-SP1 (src): pcre-8.39-5.1 SUSE Linux Enterprise High Availability 12-SP2 (src): pcre-8.39-5.1 SUSE Linux Enterprise High Availability 12-SP1 (src): pcre-8.39-5.1 SUSE Linux Enterprise Desktop 12-SP2 (src): pcre-8.39-5.1 SUSE Linux Enterprise Desktop 12-SP1 (src): pcre-8.39-5.1
openSUSE-SU-2016:3099-1: An update that fixes 25 vulnerabilities is now available. Category: security (moderate) Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127 CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191 Sources used: openSUSE Leap 42.2 (src): pcre-8.39-6.1 openSUSE Leap 42.1 (src): pcre-8.39-5.1
SUSE-SU-2016:3161-1: An update that fixes 25 vulnerabilities is now available. Category: security (moderate) Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127 CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP2 (src): pcre-8.39-7.1 SUSE Linux Enterprise Workstation Extension 12-SP1 (src): pcre-8.39-7.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): pcre-8.39-7.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): pcre-8.39-7.1 SUSE Linux Enterprise Server for SAP 12 (src): pcre-8.39-7.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): pcre-8.39-7.1 SUSE Linux Enterprise Server 12-SP2 (src): pcre-8.39-7.1 SUSE Linux Enterprise Server 12-SP1 (src): pcre-8.39-7.1 SUSE Linux Enterprise Server 12-LTSS (src): pcre-8.39-7.1 SUSE Linux Enterprise High Availability 12-SP2 (src): pcre-8.39-7.1 SUSE Linux Enterprise High Availability 12-SP1 (src): pcre-8.39-7.1 SUSE Linux Enterprise Desktop 12-SP2 (src): pcre-8.39-7.1 SUSE Linux Enterprise Desktop 12-SP1 (src): pcre-8.39-7.1
Looks done to me, but evaluate yourself
Not reproducible on SUSE:SLE-11:Update. Resolved.