Описание
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
Меры по смягчению последствий
This flaw can be mitigated by not compiling regular expressions with a callout value greater outside of 0-255 or handling the value passed to the callback within the application code.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/management-ingress-rhel8 | Fix deferred | ||
| Red Hat Enterprise Linux 6 | pcre | Out of support scope | ||
| Red Hat Enterprise Linux 7 | pcre | Fix deferred | ||
| JBoss Core Services for RHEL 8 | jbcs-httpd24-apr | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-apr-util | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-curl | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_cluster-native | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_http2 | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_jk | Fixed | RHSA-2021:4614 | 10.11.2021 |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
libpcre in PCRE before 8.44 allows an integer overflow via a large num ...
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
5.3 Medium
CVSS3