Vulnerability in PCRE Library Could Allow for Arbitrary Code Execution
MS-ISAC ADVISORY NUMBER:2015-089
A vulnerability has been discovered in the Perl Compatible Regular Expression (PCRE) library, which could allow for arbitrary code execution. The PCRE library is a set of functions that implement regular expression pattern matching using the same syntax and semantics as Perl 5. Programs that utilize this library include Adobe Flash, Apache, Nginx, PHP, as well as many others.
There are no reports of this vulnerability being exploited in the wild, however there is a proof of concept available.
- PCRE version 8.37 and prior
- Large and medium government entities: HIGH
- Small government entities: HIGH
- Large and medium business entities: HIGH
- Small business entities: HIGH
A vulnerability has been discovered in the PCRE Library, which could allow for arbitrary code execution. This vulnerability occurs because the library fails to perform adequate boundary-checks on user-supplied data. When the library writes to the compile_regex function, it writes more than the allocated block size causing a heap buffer overflow.
Successful exploitation of this vulnerability through a specially crafted or vulnerable expression could trigger this issue, resulting in the execution of arbitrary code, in the context of the user running the application, with failed attempts triggering denial-of-service conditions.
We recommend the following actions be taken:
Upgrade to the latest version of PCRE2 immediately after appropriate testing.
Apply appropriate patches when available from affected vendors immediately after appropriate testing.
Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially those from un-trusted sources.