Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201603-18 ========================================= Severity: High Date : 2016-03-13 CVE-ID : CVE-2016-1283 Package : pcre Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package pcre before version 8.38-3 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 8.38-3. # pacman -Syu "pcre>=8.38-3" The problem has been fixed upstream but no release is available yet. Workaround ========= None. Description ========== PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex. Exploits with advanced Heap Fengshui techniques may allow an attacker to execute arbitrary code in the context of the user running the affected application. Impact ===== A remote attacker is able to execute arbitrary code by crafting a special regular expression that triggers a heap buffer overflow. References ========= https://access.redhat.com/security/cve/CVE-2016-1283 https://bugs.exim.org/show_bug.cgi?id=1767