CVE-2017-7186
NONE EPSS 91.2%
Published Mar 20, 2017 (9y ago)
Last Modified Jun 17, 2026 (2w ago)
Description
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
Threat Intelligence
EPSS Exploit Probability
91.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products 2
References 10
- securityfocus.com http://www.securityfocus.com/bid/97030
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:2486
- blogs.gentoo.org https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
- bugs.exim.org https://bugs.exim.org/show_bug.cgi?id=2052
- security.gentoo.org https://security.gentoo.org/glsa/201710-09
- security.gentoo.org https://security.gentoo.org/glsa/201710-25
- vcs.pcre.org https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date
- vcs.pcre.org https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
- vcs.pcre.org https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
- vcs.pcre.org https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date
Remediation
- blogs.gentoo.org https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
- vcs.pcre.org https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date
- vcs.pcre.org https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
- vcs.pcre.org https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
- vcs.pcre.org https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date