patch for CVE-2008-2371

Michael Santos <>
Wed Feb 10 23:34:16 CET 2010

Running the following code will crash the emulator:

 re:compile(<<"(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]">>, [unicode]).

Erlang uses PCRE 7.6. This issue was identified as CVE-2008-2371 and
was fixed in PCRE 7.8.

A patch can be found here:

 git fetch git:// pcre-CVE-2008-2371

It is taken directly from:

Does the Erlang/OTP team have a policy on security advisories, so users
and package maintainers can evaluate their risk?

More information about the erlang-patches mailing list