Re: 4.0a3 - Two Regular Expression Libraries? -- We need your input!

CoJaBo said...

^ That, I would like to see. I have seen exploits used as an example of why not to use PCRE several times, yet no one can show me an example of one of these 3 exploits. Where are they documented in detail?

Ok, I did the search for you. It was 2 last year and 1 towards the end of the previous that must have been thinking of, as we discussed this in detail quite a few months ago. Here are the results:

dsa-1399, dsa-1499, dsa-1602.

Now, I want to take something from that text, for those who are not going to read them... Here is a direct quote:

"Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions."

Jeremy
