Vulnerability Details CVE-2017-16231
In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.9%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2018/Dec/33
- http://www.openwall.com/lists/oss-security/2017/11/01/11
- http://www.openwall.com/lists/oss-security/2017/11/01/3
- http://www.openwall.com/lists/oss-security/2017/11/01/7
- http://www.openwall.com/lists/oss-security/2017/11/01/8
- http://www.securityfocus.com/bid/101688
- https://bugs.exim.org/show_bug.cgi?id=2047
- http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2018/Dec/33
- http://www.openwall.com/lists/oss-security/2017/11/01/11
- http://www.openwall.com/lists/oss-security/2017/11/01/3
- http://www.openwall.com/lists/oss-security/2017/11/01/7
- http://www.openwall.com/lists/oss-security/2017/11/01/8
- http://www.securityfocus.com/bid/101688
- https://bugs.exim.org/show_bug.cgi?id=2047