CVE-2017-7246

HIGH7.8

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get

Published Mar 23, 2017

Modified 1 years ago

Details

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

References

WEB

http://www.securityfocus.com/bid/97067

ADVISORY

https://access.redhat.com/errata/RHSA-2018:2486

WEB

https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/

ADVISORY

https://security.gentoo.org/glsa/201710-25

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2017-7246

CVSS Analysis

CVSS v3.0

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMar 23, 2017

ModifiedAug 5, 2024