cve/2017/CVE-2017-16231.md

CVE-2017-16231

Description

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

POC

Reference

• http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html
• http://seclists.org/fulldisclosure/2018/Dec/33
• http://www.openwall.com/lists/oss-security/2017/11/01/11
• http://www.openwall.com/lists/oss-security/2017/11/01/3
• http://www.openwall.com/lists/oss-security/2017/11/01/7
• http://www.openwall.com/lists/oss-security/2017/11/01/8

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/PajakAlexandre/wik-dps-tp02
• https://github.com/cdupuis/image-api
• https://github.com/flyrev/security-scan-ci-presentation
• https://github.com/fokypoky/places-list
• https://github.com/followboy1999/cve
• https://github.com/garethr/snykout