A regular expressions C library originally written by Henry Spencer is vulnerable to a heap overflow in some circumstances.
CWE-122: Heap-based Buffer Overflow
From the researcher, the variable len that holds the length of a regular expression string is "enlarged to such an extent that, in the process of enlarging (multiplication and addition), causes the 32 bit register/variable to overflow." It may be possible for an attacker to use this overflow to change data in memory.
The complete impact of this vulnerability is not yet known. Since the library is utilized in different ways, the impact is likely to vary depending on vendor. In worst case, a malicious actor may be able to execute arbitrary code.
Apply an update
This vulnerability was reported publicly by Guido Vranken.
This document was written by Garret Wassermann.
|Date First Published:||2015-02-13|
|Date Last Updated:||2015-02-27 13:52 UTC|