pcre -- multiple vulnerabilities

2015-05-29T00:00:00
ID E69AF246-0AE2-11E5-90E4-D050996490D0
Type freebsd
Reporter FreeBSD
Modified 2015-06-07T00:00:00

Description

Venustech ADLAB reports:

The PCRE library is prone to a vulnerability which leads to a heap overflow. During the compilation of a malformed regular expression, more data is written to the malloced block than the expected size output by compile_regex.

The PCRE library is prone to a vulnerability which leads to a stack overflow. Without enough bounds checking inside match(), the stack memory could be overflowed via a crafted regular expression.