Out-of-Bounds in pcre3

Do your applications use this vulnerable package? Test your applications

Overview

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

References

CONFIRM
CVE Details
Debian Security Tracker
MISC
OSS security Advisory
OSS security Advisory
OSS security Advisory
OSS security Advisory
Seclists Full Disclosure
Security Focus

Attack Vector

Local
Attack Complexity

Low
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-16231
CWE: CWE-119
Snyk ID: SNYK-DEBIAN10-PCRE3-345530
Disclosed: 21 Mar, 2019
Published: 27 Jun, 2018

Out-of-Bounds
Affecting pcre3 package, versions *

Overview

References

CVSS Score

Out-of-Bounds Affecting pcre3 package, versions *

Overview

References

Out-of-Bounds
Affecting pcre3 package, versions *