CVE-2017-6004 — Out-of-bounds Read in Pcre

CWE-125 — Out-of-bounds Read14 documents7 sources

Severity

7.5HIGHNVD

EPSS

4.1%

top 11.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Pcre3 Pcre

Timeline

PublishedFeb 16

Latest updateOct 10

Description

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/pcre3< pcre3 2:8.39-2.1 (bookworm)

▶NVDpcre/pcre8.38

Patches

Patch: vcs.pcre.org ↗Patch: vcs.pcre.org ↗

🔴Vulnerability Details

OSV

pcre3 vulnerabilities↗2022-10-10

▶

GHSA

GHSA-59rh-53qm-wcv4: The compile_bracket_matchingpath function in pcre_jit_compile↗2022-05-13

▶

OSV

CVE-2017-6004: The compile_bracket_matchingpath function in pcre_jit_compile↗2017-02-16

▶

📋Vendor Advisories

Ubuntu

PCRE vulnerabilities↗2022-10-10

▶

Red Hat

pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)↗2017-02-14

▶

Debian

CVE-2017-6004: pcre3 - The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through ...↗2017

▶

💬Community

Bugzilla

CVE-2017-6004 pcre: Out-of-bounds read in compile_bracket_matchingpath function [fedora-all]↗2017-02-21

▶

Bugzilla

CVE-2017-6004 pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)↗2017-02-21

▶

Bugzilla

CVE-2017-6004 mingw-glib2: pcre: Out-of-bounds read in compile_bracket_matchingpath function [epel-7]↗2017-02-21

▶

Bugzilla

CVE-2017-6004 mingw-pcre: pcre: Out-of-bounds read in compile_bracket_matchingpath function [epel-7]↗2017-02-21

▶

Bugzilla

CVE-2017-6004 mingw-glib2: pcre: Out-of-bounds read in compile_bracket_matchingpath function [fedora-all]↗2017-02-21

▶