FreeBSD : pcre -- heap overflow vulnerability (6900e6f1-4a79-11e5-9ad8-14dae9d210b8)
High Nessus Plugin ID 85608
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Guanxing Wen reports:
PCRE library is prone to a vulnerability which leads to Heap Overflow.
During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex(). The Heap Overflow vulnerability is caused by the following regular expression.
A dry run of this particular regular expression with pcretest will report 'double free or corruption (!prev)'. But it is actually a heap overflow problem. The overflow only affects the pcre 8.x branch; the pcre2 branch is not affected.
Solution
Update the affected package.