CVE-2017-16231

Опубликовано: 01 нояб. 2017

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used

Отчет

Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	pcre	Not affected
Red Hat Enterprise Linux 6	chromium-browser	Not affected
Red Hat Enterprise Linux 6	firefox	Not affected
Red Hat Enterprise Linux 6	glib2	Not affected
Red Hat Enterprise Linux 6	pcre	Not affected
Red Hat Enterprise Linux 6	thunderbird	Not affected
Red Hat Enterprise Linux 7	glib2	Not affected
Red Hat Enterprise Linux 7	pcre	Not affected
Red Hat Enterprise Linux 7	virtuoso-opensource	Not affected
Red Hat Enterprise Linux 8	mingw-pcre	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Дефект:

CWE-119->CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1700392pcre: self-recursive call in match() in pcre_exec.c leads to denial of service

EPSS

Процентиль: 27%

0.00094

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-16231

CVSS3: 5.5

ubuntu

почти 7 лет назад

CVE-2017-16231

CVSS3: 5.5

nvd

почти 7 лет назад

CVE-2017-16231

CVSS3: 5.5

debian

почти 7 лет назад

In PCRE 8.41, after compiling, a pcretest load test PoC produces a cra ...

GHSA-5hhr-8qw3-63p2

CVSS3: 5.5

github

больше 3 лет назад

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

EPSS

Процентиль: 27%

0.00094

Низкий

5.5 Medium

CVSS3