| PCRE Heap Overflow in Regex Processing Lets Users Execute Arbitrary Code |
| SecurityTracker Alert ID: 1032453 |
| SecurityTracker URL: http://securitytracker.com/id/1032453 |
| CVE Reference: (Links to External Site) |
| Date: Jun 2 2015 |
| Impact: , , , |
| Exploit Included: Yes |
| Version(s): 8.34, 8.35, 8.36, 8.37; PCRE2 10.10 |
| Description: A vulnerability was reported in PCRE. A remote or local user can cause arbitrary code to be executed on the target system. A remote or local user can create a specially crafted regular expression string that, when processed by the target application, will trigger a heap overflow in the PCRE library and execute arbitrary code on the target system. The code will run with the privileges of the target application. Wen Guanxing from Venustech ADLAB reported this vulnerability. |
| Impact: A remote or local user can create a regular expression that, when loaded by the target application, will execute arbitrary code on the target system. |
| Solution: No solution was available at the time of this entry. |
| Vendor URL: (Links to External Site) |
| Cause: |
| Underlying OS: , |
| |
| Message History: None. |