php:php-fuzz-mbstring: Heap-use-after-free in quantifiers_memory_node_info

Detailed Report: https://oss-fuzz.com/testcase?key=5672130576646144 Project: php Fuzzing Engine: libFuzzer Fuzz Target: php-fuzz-mbstring Job Type: libfuzzerasani386php Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address: 0xf5239f80 Crash State: quantifiersmemorynodeinfo...

PT-2020-10802 · Philip Hazel +10 · Pcre +10

Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.43 Description: The issue allows a subject buffer over-read in JIT when UTF is disabled, and X or R has more than one fixed quantifier. Recommendations: For versions prior to 8.43, update to version 8.44 or later to...

pcre heap overflow

Integer overflow in pcrecompile.c in Perl Compatible Regular Expressions PCRE before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow...