DescriptionPerl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
- SUSE-SA:2008:004, published Tue, 29 Jan 2008 13:00:00 +0000