Bug 971741 - (CVE-2016-3191) VUL-1: CVE-2016-3191: pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)
(CVE-2016-3191)
VUL-1: CVE-2016-3191: pcre: workspace overflow for (*ACCEPT) with deeply nest...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/163559/
CVSSv3.1:SUSE:CVE-2016-3191:3.7:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-18 09:52 UTC by Victor Pereira
Modified: 2022-04-06 14:02 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2016-03-18 09:52:00 UTC
rh#1311503

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and
pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an
(*ACCEPT) substring in conjunction with nested parentheses, which allows remote
attackers to execute arbitrary code or cause a denial of service (stack-based
buffer overflow) via a crafted regular expression, as demonstrated by a
JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3191
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815920
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815921
https://bugs.exim.org/show_bug.cgi?id=1791
http://vcs.pcre.org/pcre2?view=revision&revision=489
http://vcs.pcre.org/pcre?view=revision&revision=1631
Comment 1 Swamp Workflow Management 2016-03-18 23:00:26 UTC
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2016-08-01 16:00:30 UTC
This is an autogenerated message for OBS integration:
This bug (971741) was mentioned in
https://build.opensuse.org/request/show/416447 Factory / pcre2
Comment 3 Andreas Stieger 2016-08-01 16:04:32 UTC
For pcre, this was submitted into factory via
https://build.opensuse.org/request/show/403030

Recording in changelog:
https://build.opensuse.org/request/show/416446
Comment 4 Bernhard Wiedemann 2016-08-03 22:00:32 UTC
This is an autogenerated message for OBS integration:
This bug (971741) was mentioned in
https://build.opensuse.org/request/show/416797 42.1 / pcre2
Comment 5 Swamp Workflow Management 2016-08-11 15:13:30 UTC
openSUSE-SU-2016:2035-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 971741
CVE References: CVE-2016-3191
Sources used:
openSUSE Leap 42.1 (src):    pcre2-10.22-7.1
Comment 7 Bernhard Wiedemann 2016-10-28 18:01:20 UTC
This is an autogenerated message for OBS integration:
This bug (971741) was mentioned in
https://build.opensuse.org/request/show/437711 13.2 / pcre
Comment 8 Swamp Workflow Management 2016-11-15 17:14:33 UTC
openSUSE-SU-2016:2805-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 933288,933878,936227,942865,957566,957598,960837,971741,972127
CVE References: CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2016-1283,CVE-2016-3191
Sources used:
openSUSE 13.2 (src):    pcre-8.39-3.8.1
Comment 9 Swamp Workflow Management 2016-12-02 15:09:56 UTC
SUSE-SU-2016:2971-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127
CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Server 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Server 12-SP1 (src):    pcre-8.39-5.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise High Availability 12-SP1 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    pcre-8.39-5.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    pcre-8.39-5.1
Comment 11 Swamp Workflow Management 2016-12-12 18:13:47 UTC
openSUSE-SU-2016:3099-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127
CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191
Sources used:
openSUSE Leap 42.2 (src):    pcre-8.39-6.1
openSUSE Leap 42.1 (src):    pcre-8.39-5.1
Comment 12 Swamp Workflow Management 2016-12-15 15:09:51 UTC
SUSE-SU-2016:3161-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 906574,924960,933288,933878,936227,942865,957566,957567,957598,957600,960837,971741,972127
CVE References: CVE-2014-8964,CVE-2015-2325,CVE-2015-2327,CVE-2015-2328,CVE-2015-3210,CVE-2015-3217,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8382,CVE-2015-8383,CVE-2015-8384,CVE-2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE-2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE-2016-3191
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Server for SAP 12 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Server 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Server 12-SP1 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Server 12-LTSS (src):    pcre-8.39-7.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise High Availability 12-SP1 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    pcre-8.39-7.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    pcre-8.39-7.1
Comment 13 Stephan Kulow 2017-05-24 18:00:34 UTC
Looks done to me, but evaluate yourself
Comment 14 Swamp Workflow Management 2018-12-03 18:21:09 UTC
This is an autogenerated message for OBS integration:
This bug (971741) was mentioned in
https://build.opensuse.org/request/show/653587 Backports:SLE-12 / pcre2
Comment 16 Gabriele Sonnu 2022-04-06 14:02:58 UTC
All done.