CVE-2014-8964 (retired)

Priority
Description
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers
to cause a denial of service (crash) or have other unspecified impact via a
crafted regular expression, related to an assertion that allows zero
repeats.
Notes
 sarnold> exploiting this requires allowing untrusted input as the regular
  expression; that's usually not allowed for performance reasons but the
  regex engine shouldn't allow overflows on untrusted inputs.
 mdeslaur> reproducer in upstream bug
 mdeslaur> does not reproduce in precise
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (10.0.22-0ubuntu1)

Updated: 2019-03-26 12:13:47 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)