PHP :: Sec Bug #68960 :: Bundled PCRE affected by CVE-2014-8964

Sec Bug #68960	Bundled PCRE affected by CVE-2014-8964
Submitted:	2015-01-30 10:22 UTC	Modified:	2015-03-20 05:50 UTC
From:	thoger at redhat dot com	Assigned:	remi (profile)
Status:	Closed	Package:	PCRE related
PHP Version:	5.6.5	OS:
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2015-01-30 10:22 UTC] thoger at redhat dot com

Description:
------------
A heap buffer overflow related to handling of zero-repeat assertions was reported and fixed upstream:

http://bugs.exim.org/show_bug.cgi?id=1546
http://www.exim.org/viewvc/pcre?view=revision&revision=1513

Fix is expected to be included in the next PCRE upstream release.

Test script:
---------------
php -r 'preg_match("/(?(?=)*)/", "");'

Actual result:
--------------
Crash/SEGV on invalid memory read.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-01-30 10:29 UTC] remi@php.net

Fixed by http://git.php.net/?p=php-src.git;a=commitdiff;h=c351b47ce85a3a147cfa801fa9f0149ab4160834

[2015-01-30 10:40 UTC] remi@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: remi

[2015-01-30 10:40 UTC] remi@php.net

Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.

[2015-01-30 12:54 UTC] thoger at redhat dot com

Sorry, recent versions indeed no longer crash.  The fix resolves crash for 5.5, but it does not seem to make a difference for 5.6 (i.e. 5.6.3 does not crash even though it does not have the fix).  In the latest versions in all branches (5.6.5, 5.5.21, and 5.4.37), valgrind still detects invalid read.  I haven't investigated if test can be adjusted to bypass the linked fix, only wanted to make you aware of a public CVE for one of the bundled libraries.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 16 14:01:29 2024 UTC