FreeBSD : pcre -- Heap Overflow Vulnerability in find_fixedlength() (8a1d0e63-1e07-11e5-b43d-002590263bf5)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Venustech ADLAB reports :

PCRE library is prone to a vulnerability which leads to Heap Overflow.
During subpattern calculation of a malformed regular expression, an
offset that is used as an array index is fully controlled and can be
large enough so that unexpected heap memory regions are accessed.

One could at least exploit this issue to read objects nearby of the
affected application's memory.

Such information disclosure may also be used to bypass memory
protection method such as ASLR.

See also :

https://bugs.exim.org/show_bug.cgi?id=1651
http://vcs.pcre.org/pcre?view=revision&revision=1571
http://www.openwall.com/lists/oss-security/2015/06/26/1
http://www.nessus.org/u?9046a824

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 84887 ()

Bugtraq ID:

CVE ID: CVE-2015-5073

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now