Full Disclosure mailing list archives

Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)

From: "zzt0907" <16362505 () qq com>
Date: Thu, 20 Dec 2018 09:12:12 +0800

# Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)
## Product Download: https://sourceforge.net/projects/pcre/files/pcre/
## Vulnerability Type??Buffer Overflow
## Attack Type : local
## Vulnerability Description
a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive 
call

file:pcre_exec.c
function match() line 983 and line 2061

## POC
https://github.com/followboy1999/poc/tree/master/CVE-2017-16231
./pcretest pcre_poc.txt
## Versions:PCRE 8.41
## Impact:Denial of Service
## Credit
This vulnerability was discovered by Jiawang Zhang Coordination Center of China (CNCERT/CC)
## References
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16231

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231) zzt0907 (Dec 21)