Description
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.
A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.
Statement
Red Hat Product Security classifies this issue as having a Low security impact. The vulnerability involves an infinite loop in a command-line utility, which is not typically designed to handle untrusted input. As a result, it is assessed that this does not pose a substantial security risk and does not lead to any meaningful security impact.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 7 | pcre2 | Out of support scope | | |
Red Hat Enterprise Linux 8 | pcre2 | Fix deferred | | |
Red Hat Enterprise Linux 9 | pcre2 | Fix deferred | | |
Additional information
Status:
5.3 Medium
CVSS3