FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  456406
Date:      2017-12-15
Time:      16:33:12Z
Committer: brd

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
497b82e0-f9a0-11e5-92ce-002590263bf5pcre -- heap overflow vulnerability

Mitre reports:

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.


Discovery 2016-02-27
Entry 2016-04-03
pcre
lt 8.38_1

CVE-2016-1283
ports/208260
https://bugs.exim.org/show_bug.cgi?id=1767
6900e6f1-4a79-11e5-9ad8-14dae9d210b8pcre -- heap overflow vulnerability

Guanxing Wen reports:

PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex(). The Heap Overflow vulnerability is caused by the following regular expression.

/(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/

A dry run of this particular regular expression with pcretest will reports "double free or corruption (!prev)". But it is actually a heap overflow problem. The overflow only affects pcre 8.x branch, pcre2 branch is not affected.


Discovery 2015-08-21
Entry 2015-08-24
pcre
lt 8.37_4

http://seclists.org/oss-sec/2015/q3/295
https://bugs.exim.org/show_bug.cgi?id=1672
7033b42d-ef09-11e5-b766-14dae9d210b8pcre -- stack buffer overflow

Philip Hazel reports:

PCRE does not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow.


Discovery 2016-02-09
Entry 2016-03-21
Modified 2016-03-21
pcre
lt 8.38

pcre2
lt 10.20_1

https://bugs.exim.org/show_bug.cgi?id=1791
CVE-2016-3191