pcre3: CVE-2015-8380: Heap overflow / invalid write in function pcre_exec

Debian Bug report logs - #806467
pcre3: CVE-2015-8380: Heap overflow / invalid write in function pcre_exec

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 27 Nov 2015 18:27:06 UTC

Severity: normal

Tags: fixed-upstream, patch, security, upstream

Found in versions pcre3/2:8.35-3.3, pcre3/2:8.35-8

Fixed in versions pcre3/2:8.38-1, pcre3/2:8.35-3.3+deb8u2

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.exim.org/show_bug.cgi?id=1637


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#806467; Package src:pcre3. (Fri, 27 Nov 2015 18:27:10 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthew Vernon <matthew@debian.org>. (Fri, 27 Nov 2015 18:27:10 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pcre3: Heap overflow / invalid write in function pcre_exec
Date: Fri, 27 Nov 2015 19:25:34 +0100
Source: pcre3
Version: 2:8.35-8
Severity: normal
Tags: security upstream patch fixed-upstream
Forwarded: https://bugs.exim.org/show_bug.cgi?id=1637

Hi

(This is to have a BTS reference for this bug, since no CVE id was
assigned so far; I know there is work on pcre2 now).

Hanno Böck reported a heap overflow in the pcre_exec function, cf.
https://bugs.exim.org/show_bug.cgi?id=1637

Fixed by commit http://vcs.pcre.org/pcre?view=revision&revision=1565
(8.38).

https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html

Regards,
Salvatore



Marked as found in versions pcre3/2:8.35-3.3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 27 Nov 2015 18:36:03 GMT).


Changed Bug title to 'pcre3: CVE-2015-8380: Heap overflow / invalid write in fuction pcre_exec' from 'pcre3: Heap overflow / invalid write in fuction pcre_exec' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 02 Dec 2015 05:33:03 GMT).


Marked as fixed in versions pcre3/2:8.38-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 23 Dec 2015 05:42:05 GMT).


Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 10 Jan 2016 23:06:23 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 10 Jan 2016 23:06:23 GMT).


Message #16 received at 806467-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 806467-close@bugs.debian.org
Subject: Bug#806467: fixed in pcre3 2:8.35-3.3+deb8u2
Date: Sun, 10 Jan 2016 23:02:25 +0000
Source: pcre3
Source-Version: 2:8.35-3.3+deb8u2

We believe that the bug you reported is fixed in the latest version of
pcre3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 806467@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated pcre3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 29 Dec 2015 09:19:11 +0100
Source: pcre3
Binary: libpcre3 libpcre3-udeb libpcrecpp0 libpcre3-dev libpcre3-dbg pcregrep
Architecture: source
Version: 2:8.35-3.3+deb8u2
Distribution: jessie
Urgency: medium
Maintainer: Mark Baker <mark@mnb.org.uk>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 794589 796762 806467
Description: 
 libpcre3   - Perl 5 Compatible Regular Expression Library - runtime files
 libpcre3-dbg - Perl 5 Compatible Regular Expression Library - debug symbols
 libpcre3-dev - Perl 5 Compatible Regular Expression Library - development files
 libpcre3-udeb - Perl 5 Compatible Regular Expression Library - runtime files (udeb)
 libpcrecpp0 - Perl 5 Compatible Regular Expression Library - C++ runtime files
 pcregrep   - grep utility that uses perl 5 compatible regexes.
Changes:
 pcre3 (2:8.35-3.3+deb8u2) jessie; urgency=medium
 .
   * Non-maintainer upload.
   * Add additional CVE references and bug closer to previous changelog.
     CVE-2015-2327 fix was included in the previous 2:8.35-3.3+deb8u1 upload.
     CVE-2015-8384 different issue than CVE-2015-3210 but fixed with same
     commit.
     CVE-2015-8388 different issue than CVE-2015-5073 but fixed with same
     commit.
     Add bug closer to bugs in the BTS retrospectively.
   * Add 0001-Fix-compile-time-loop-for-recursive-reference-within.patch.
     CVE-2015-2328: Stack-based buffer overflow in compile_regex().
   * Add 794589-information-disclosure.patch.
     CVE-2015-8382: Fix "pcre_exec does not fill offsets for certain regexps"
     leading to information disclosure. (Closes: #794589)
   * Add 0001-Fix-buffer-overflow-for-repeated-conditional-when-re.patch.
     CVE-2015-8383: Buffer overflow caused by repeated conditional group.
   * Add 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch.
     CVE-2015-8385: Buffer overflow caused by forward reference by name to
     certain group.
   * Add 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch.
     CVE-2015-8386: Buffer overflow caused by lookbehind assertion.
   * Add 0001-Add-integer-overflow-check-to-n-code.patch.
     CVE-2015-8387: Integer overflow in subroutine calls.
   * Add 0001-Fix-overflow-when-ovector-has-size-1.patch.
     CVE-2015-8380: Heap-based buffer overflow in pcre_exec. (Closes: #806467)
   * Add 0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch.
     CVE-2015-8389: Infinite recursion in JIT compiler when processing
     certain patterns.
   * Add 0001-Fix-bug-for-classes-containing-sequences.patch.
     CVE-2015-8390: Reading from uninitialized memory when processing certain
     patterns.
   * Add 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch.
     CVE-2015-8391: Some pathological patterns cause pcre_compile() to run
     for a very long time.
   * Add 0001-Fix-buffer-overflow-for-named-references-in-situatio.patch.
     CVE-2015-8392: Buffer overflow caused by certain patterns with
     duplicated named groups.
   * Add 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch.
     CVE-2015-8393: Information leak when running pcregrep -q on crafted
     binary.
   * Add 0001-Add-missing-integer-overflow-checks.patch.
     CVE-2015-8394: Integer overflow caused by missing check for certain
     conditions.
   * Add 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch.
     CVE-2015-8381: Heap Overflow in compile_regex().
     CVE-2015-8395: Buffer overflow caused by certain references.
     (Closes: #796762)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 01 Mar 2016 07:38:34 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:23:01 2019; Machine Name: buxtehude