Heap-based buffer overflow in php7 (Alpine package)

1) Heap-based buffer overflow

EUVDB-ID: #VU33236

Risk: High

CVSSv3.1: 8.5 [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-1283

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'){97)?J)?J)(?'R'(?'R'){99|(:(?|(?'R')(k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which. A remote attacker can use a crafted regular expression to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

php7 (Alpine package): 7.0.21-r0

External links

http://git.alpinelinux.org/aports/commit/?id=f72329a49b77be5d910dd4f7e923ea3d0fda939b
http://git.alpinelinux.org/aports/commit/?id=39dff559c574e02ce16541bd4875f79ebe1d9e1c
http://git.alpinelinux.org/aports/commit/?id=4544962fcb43d066028c24bd18162d7e5c2d8e99
http://git.alpinelinux.org/aports/commit/?id=d9a9e717678034c50205eee41c8dc1fca256eba0
http://git.alpinelinux.org/aports/commit/?id=df5aeb27dfb1c9a6216feebc947c1a93e66eb856
http://git.alpinelinux.org/aports/commit/?id=35fe84176600346a226a215c77bb72de92153438
http://git.alpinelinux.org/aports/commit/?id=1cabd618771bbdcfb71da232ac9b9d5719e62ec3
http://git.alpinelinux.org/aports/commit/?id=359021806e9962819c3971a628eed78c605d3f4f

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.