Re: 4.0a3 - Two Regular Expression Libraries? -- We need your input!
- Posted by jeremy (admin) Mar 16, 2009
- 1236 views
^ That, I would like to see. I have seen exploits used as an example of why not to use PCRE several times, yet noone can show me an example of one of these 3 exploits. Where are they documented in detail?
Ok, I did the search for you. It was 2 last year and 1 towards the end of the previous that must have been thinking of, as we discussed this in detail a quite a few months ago. Here are the results:
Now, I want to take something from that text, for those who are not going to read them... Here is a direct quote:
"Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions."
Jeremy