Vulnerability Details CVE-2017-7244
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.7%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/97067
- https://access.redhat.com/errata/RHSA-2018:2486
- https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
- https://security.gentoo.org/glsa/201710-25
- http://www.securityfocus.com/bid/97067
- https://access.redhat.com/errata/RHSA-2018:2486
- https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
- https://security.gentoo.org/glsa/201710-25