PCRE Integer Overflow Denial Of Service Vulnerabilities
13 Feb. 2016
Summary
PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Credit:
The information has been provided by Hanno B ck and Wen Guanxing.
PCRE is prone to multiple heap-based buffer-overflow vulnerabilities. Successful exploits may allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.