CVE-2017-8399

CWE-119 — Buffer Overflow CWE-121 — Stack-based Buffer Overflow9 documents7 sources

Severity

9.8CRITICAL

EPSS

2.7%

top 14.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pcre Pcre2

Timeline

PublishedMay 1

Latest updateMay 14

Description

PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDpcre/pcre2< 10.30

▶Ubuntupcre2< 10.21-1+1

Patches

Patch: vcs.pcre.org ↗Patch: vcs.pcre.org ↗

🔴Vulnerability Details

GHSA

GHSA-wrv9-5822-445x: PCRE2 before 10↗2022-05-14

▶

OSV

CVE-2017-8399: PCRE2 before 10↗2017-05-01

▶

CVEList

CVE-2017-8399: PCRE2 before 10↗2017-05-01

▶

📋Vendor Advisories

Red Hat

pcre2: Stack-based buffer overflow in pcre2_match.c↗2017-03-10

▶

Debian

CVE-2017-8399: pcre2 - PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer ove...↗2017

▶

💬Community

Bugzilla

CVE-2017-8399 pcre2: Stack-based buffer overflow in pcre2_match.c [fedora-all]↗2017-05-10

▶

Bugzilla

CVE-2017-8399 pcre2: Stack-based buffer overflow in pcre2_match.c [epel-all]↗2017-05-10

▶

Bugzilla

CVE-2017-8399 pcre2: Stack-based buffer overflow in pcre2_match.c↗2017-05-10

▶