CVE-2017-7186

CWE-119 — Buffer Overflow CWE-20 — Improper Input Validation17 documents8 sources

Severity

7.5HIGH

EPSS

7.1%

top 8.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pcre Pcre Pcre Pcre2

Timeline

PublishedMar 20

Latest updateOct 10

Description

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶Debianpcre2< 10.22-3+3

▶NVDpcre/pcre210.23

▶Debianpcre3< 2:8.39-3+1

▶Ubuntupcre3< 2:8.38-3.1ubuntu0.1~esm2

▶NVDpcre/pcre8.40

Patches

Patch: blogs.gentoo.org ↗Patch: vcs.pcre.org ↗Patch: vcs.pcre.org ↗

🔴Vulnerability Details

OSV

pcre3 vulnerabilities↗2022-10-10

▶

GHSA

GHSA-vrw4-ffp3-c5mv: libpcre1 in PCRE 8↗2022-05-14

▶

OSV

leptonlib vulnerabilities↗2021-03-15

▶

OSV

CVE-2017-7186: libpcre1 in PCRE 8↗2017-03-20

▶

CVEList

CVE-2017-7186: libpcre1 in PCRE 8↗2017-03-20

▶

📋Vendor Advisories

Ubuntu

PCRE vulnerabilities↗2022-10-10

▶

Red Hat

pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)↗2017-02-23

▶

Debian

CVE-2017-7186: pcre2 - libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to caus...↗2017

▶

💬Community

Bugzilla

CVE-2017-7186 mingw-glib2: pcre, pcre2: Invalid Unicode property lookup [fedora-all]↗2017-03-21

▶

Bugzilla

CVE-2017-7186 mingw-pcre: pcre, pcre2: Invalid Unicode property lookup [epel-7]↗2017-03-21

▶

Bugzilla

CVE-2017-7186 glib2: pcre, pcre2: Invalid Unicode property lookup [fedora-all]↗2017-03-21

▶

Bugzilla

CVE-2017-7186 mingw-glib2: pcre, pcre2: Invalid Unicode property lookup [epel-7]↗2017-03-21

▶

Bugzilla

CVE-2017-7186 pcre2: pcre, pcre2: Invalid Unicode property lookup [epel-7]↗2017-03-21

▶