CVE-2017-7186

NONE EPSS 91.2%
Published Mar 20, 2017 9y ago · Modified Jun 17, 2026 2w ago

Description

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

Threat Intelligence

EPSS Exploit Probability
91.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 2

Vendor  Product  Version  Range
pcre    pcre     8.40     any
pcre    pcre2    10.23    any

References 10

  • securityfocus.com http://www.securityfocus.com/bid/97030
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:2486
  • blogs.gentoo.org https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
    Patch, Third Party Advisory
  • bugs.exim.org https://bugs.exim.org/show_bug.cgi?id=2052
    Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201710-09
  • security.gentoo.org https://security.gentoo.org/glsa/201710-25
  • vcs.pcre.org https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date
    Patch
  • vcs.pcre.org https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
    Patch
  • vcs.pcre.org https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
    Patch
  • vcs.pcre.org https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date
    Patch

Remediation

  • blogs.gentoo.org https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
    Patch, Third Party Advisory
  • vcs.pcre.org https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date
    Patch
  • vcs.pcre.org https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
    Patch
  • vcs.pcre.org https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
    Patch
  • vcs.pcre.org https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date
    Patch