CVE-2017-8786: Improper Restriction of Operations within the Bounds of a Memory Buffer in Pcre2

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.7% (top 28.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 5
Latest update: May 17

Description

pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Debian: pcre/pcre2 < 10.31-1+3
NVD: pcre/pcre2 10.23

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-5w9f-5949-m2r9: pcre2test (2022-05-17)
CVEList: CVE-2017-8786: pcre2test (2017-05-05)
OSV: CVE-2017-8786: pcre2test (2017-05-05)

📋 Vendor Advisories (2)

Red Hat: pcre2: Heap-based buffer overflow in pcre2test.c (2017-03-21)
Debian: CVE-2017-8786: pcre2 - pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service ... (2017)

💬 Community (3)

Bugzilla: CVE-2017-8786 mingw-pcre2: pcre2: Heap-based buffer overflow in pcre2test.c [fedora-26] (2017-10-11)
Bugzilla: CVE-2017-8786 pcre2: Heap-based buffer overflow in pcre2test.c [epel-6] (2017-10-11)
Bugzilla: CVE-2017-8786 pcre2: Heap-based buffer overflow in pcre2test.c (2017-10-11)