Описание
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
Отчет
This issue did not affect the versions of pcre as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | pcre | Not affected | ||
| Red Hat Enterprise Linux 6 | pcre | Not affected | ||
| Red Hat Enterprise Linux 7 | pcre | Not affected | ||
| Red Hat Software Collections | php54-php | Not affected | ||
| Red Hat Software Collections | php55-php | Not affected | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-php56 | Fixed | RHSA-2016:2750 | 15.11.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-php56-php | Fixed | RHSA-2016:2750 | 15.11.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-php56-php-pear | Fixed | RHSA-2016:2750 | 15.11.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-php56 | Fixed | RHSA-2016:2750 | 15.11.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-php56-php | Fixed | RHSA-2016:2750 | 15.11.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
The compile_branch function in PCRE before 8.37 allows context-depende ...
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
EPSS
6.8 Medium
CVSS2