CVE-2017-7186
Summary
| CVE | CVE-2017-7186 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-03-20 00:59:00 UTC |
| Updated | 2018-08-17 10:29:00 UTC |
| Description | libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PCRE2: Multiple vulnerabilities (GLSA 201710-09) — Gentoo Security | GENTOO | security.gentoo.org | |
| Bug 2052 – invalid memory read in match (pcre_exec.c) | CONFIRM | bugs.exim.org | Third Party Advisory |
| [pcre2] Diff of /code/trunk/src/pcre2_internal.h | CONFIRM | vcs.pcre.org | Patch |
| [pcre] Diff of /code/trunk/pcre_ucd.c | CONFIRM | vcs.pcre.org | Patch |
| PCRE: Multiple vulnerabilities (GLSA 201710-25) — Gentoo Security | GENTOO | security.gentoo.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| PCRE CVE-2017-7186 Denial of Service Vulnerability | BID | www.securityfocus.com | |
| libpcre: invalid memory read in match (pcre_exec.c) | agostino's blog | MISC | blogs.gentoo.org | Patch, Third Party Advisory |
| [pcre2] Diff of /code/trunk/src/pcre2_ucd.c | CONFIRM | vcs.pcre.org | Patch |
| [pcre] Diff of /code/trunk/pcre_internal.h | CONFIRM | vcs.pcre.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.