httpd-dev mailing list archives

From "Eric Covener" <cove...@gmail.com>
Subject PCRE CVE in 2.2.x/trunk
Date Tue, 04 Mar 2008 14:50:26 GMT
PCRE vuln CVE-2006-7225 applies to the bundled PCRE v5 in 2.2.x and trunk.
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7225

PCRE 6.7 ChangeLog:

18. A valid (though odd) pattern that looked like a POSIX character
    class but used an invalid character after [ (for example [[,abc,]]) caused
    pcre_compile() to give the error "Failed: internal error: code overflow" or
    in some cases to crash with a glibc free() error. This could even happen if
    the pattern terminated after [[ but there just happened to be a sequence of
    letters, a binary zero, and a closing ] in the memory that followed.

Based on the type of malformed expressions that trigger the bug, I
think it's extremely unlikely that an _httpd_ administrator would
stumble upon an affected expression, but it is a straightforward fix.

IMO while this puts it into the class of issues that require untrusted
users modifying the configuration, it does carry a small asterisk
because a trusted user could conceivably stumble upon it by accident
(and end up with memory corruption or crash instead of an unmatchable
RewriteRule)

-- 
Eric Covener
covener@gmail.com
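
An added example, not part of the original message or of httpd: a small audit script that flags regex arguments in httpd configuration or .htaccess text that have the shape the PCRE 6.7 ChangeLog entry describes. The two regexes are a heuristic read from that ChangeLog wording (an assumption, not the exact trigger condition), the directive list is partial, and the sample configuration is constructed.

```python
import re

# Directives whose arguments are compiled as regexes (partial list, an assumption).
REGEX_DIRECTIVES = {
    "rewriterule", "rewritecond", "redirectmatch", "aliasmatch",
    "scriptaliasmatch", "setenvif", "setenvifnocase", "browsermatch",
    "filesmatch", "locationmatch", "directorymatch",
}
# Heuristic from the ChangeLog: inside a character class, "[" followed by a
# delimiter other than ":", "." or "=", then letters, the same delimiter, "]".
ODD_POSIX = re.compile(r"\[\^?[^\]]*?\[([^:.=\sA-Za-z0-9\[\]\\])[A-Za-z]*\1\]")
# Second case in the ChangeLog: the pattern text stops right after "[[".
ENDS_OPEN = re.compile(r"\[\[$")

def suspicious(pattern):
    """Return a reason string if the pattern has the ChangeLog shape, else None."""
    # Replace escaped characters (e.g. "\[") with a digit so they cannot match.
    bare = re.sub(r"\\.", "0", pattern.strip('"'))
    if ODD_POSIX.search(bare):
        return "POSIX-like class with invalid delimiter"
    if ENDS_OPEN.search(bare):
        return "pattern ends right after [["
    return None

def scan_config(text):
    """Return (line_number, directive, argument, reason) for each flagged argument."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Treat "<FilesMatch ...>" section openers like ordinary directives.
        parts = line.strip().lstrip("<").rstrip(">").split()
        if not parts or parts[0].lower() not in REGEX_DIRECTIVES:
            continue
        for arg in parts[1:]:
            reason = suspicious(arg)
            if reason:
                findings.append((lineno, parts[0], arg, reason))
    return findings

# Constructed sample configuration, not taken from the original message.
SAMPLE = r"""# constructed sample
RewriteEngine On
RewriteRule ^/docs/[[:alpha:]]+$ /index.html [L]
RewriteRule ^/x/[[,abc,]]$ /y [L]
RewriteCond %{REQUEST_URI} ^/z\[[,abc,]
<FilesMatch "\.bak[[">"""

if __name__ == "__main__":
    for finding in scan_config(SAMPLE):
        print("line %d: %s %s (%s)" % finding)
```
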
