See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.
This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
When you fix this bug, please
* mention the fix revision(s).
* state whether the bug was a short-lived regression or an old bug in any stable releases.
* add any other useful information.
This information can help downstream consumers.
If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.
{"id": "OSSFUZZ-9522", "type": "ossfuzz", "bulletinFamily": "software", "title": "pcre2/pcre2_fuzzer: Heap-buffer-overflow in get_chr_property_list", "description": "Project:\nsvn://vcs.exim.org/pcre2/code/trunk\n\nDetailed report: https://oss-fuzz.com/testcase?key=4868465176346624\n\nProject: pcre2\nFuzzer: libFuzzer_pcre2_fuzzer\nFuzz target binary: pcre2_fuzzer\nJob Type: libfuzzer_asan_pcre2\nPlatform Id: linux\n\nCrash Type: Heap-buffer-overflow READ 1\nCrash Address: 0x610000000201\nCrash State:\n get_chr_property_list\n _pcre2_auto_possessify_8\n pcre2_compile_8\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_pcre2&range=201807210550:201807220512\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=4868465176346624\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.\n\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.", "published": "2018-07-22T08:46:19", "modified": "2018-08-22T15:25:33", "cvss": {}, "href": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9522", "reporter": "Google", "references": [], "cvelist": [], "lastseen": "2020-04-03T19:12:08", "viewCount": 2, "enchantments": {"dependencies": {}, "score": {"value": -0.5, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.5}, "ossfuzz": {"issue": 9522, "status": "Verified", "project": "pcre2", "ref": "https://oss-fuzz.com/revisions?job=libfuzzer_asan_pcre2&range=201807220512:201807230523", "crashType": "Heap-buffer-overflow READ 1", "revisions": ["969:971"], "project_repos": ["svn://vcs.exim.org/pcre2/code/trunk"], "tags": ["10.34", "10.33", "10.32", "10.31", "10.30", "10.23", "10.22", "10.21", "10.20", "10.10", "10.00"]}, "affectedSoftware": [{"name": "pcre2", "version": "10.31", "operator": "eq"}, {"name": "pcre2", "version": "10.30", "operator": "eq"}, {"name": "pcre2", "version": "10.23", "operator": "eq"}, {"name": "pcre2", "version": "10.22", "operator": "eq"}, {"name": "pcre2", "version": "10.21", "operator": "eq"}, {"name": "pcre2", "version": "10.20", "operator": "eq"}, {"name": "pcre2", "version": "10.10", "operator": "eq"}, {"name": "pcre2", "version": "10.00", "operator": "eq"}], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645713847}}
