Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Arch Linux: ASA-201508-11 Critical pcre Arbitrary Code Execution

Archlinux Large Esm H446
The package pcre before version 8.37-3 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201508-11
=========================================
Severity: Critical
Date    : 2015-08-26
CVE-ID  : None
Package : pcre
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package pcre before version 8.37-3 is vulnerable to arbitrary code
execution.

Resolution
=========
Upgrade to 8.37-3.

# pacman -Syu "pcre>=8.37-3"

The problem has been fixed upstream but no release is available yet.

Workaround
=========
None.

Description
==========
A heap overflow has been discovered when compiling certain regular
expressions with named references. This issue may lead to arbitrary code
execution.

Impact
=====
A remote attacker able to compile a special regular expression with
named references may be able to execute arbitrary code.

References
=========
https://seclists.org/oss-sec/2015/q3/295
https://bugs.exim.org/show_bug.cgi?id=1667