PT-2017-16823 · Philip Hazel+3 · Pcre+3

Published: 2016-06-15 · Updated: 2022-10-10 · CVE-2017-6004

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PCRE versions prior to revision 1680
PCRE versions 8.x and earlier

Description

The issue allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. The flaw is in the compile_bracket_matchingpath function in pcre_jit_compile.c.

Recommendations

For PCRE versions prior to revision 1680, and for PCRE versions 8.x and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting where regular expressions can come from, so that crafted patterns from untrusted sources are not processed, to minimize the risk of exploitation.

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1611
CVE-2017-6004
MGASA-2017-0454
OPENSUSE-SU-2024:11153-1
SUSE-SU-2021:3652-1
SUSE-SU-2021_3652-1
USN-5665-1

Affected Products

Alt Linux
Pcre
Suse
Ubuntu