Summary: | <dev-libs/libpcre2-10.30: invalid memory read in match (pcre_exec.c) (CVE-2017-7186) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gentoo-bugs, polynomial-c |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/ | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 617944 | ||
Bug Blocks: | 620660 |
Description
Agostino Sarubbo
![]() CVE ID: CVE-2017-7186 Summary: libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. Published: 2017-03-20T00:59:00.000Z Fixed in >=dev-libs/libpcre2-10.30, stabilization will happen in bug 617944. This issue was resolved and addressed in GLSA 201710-09 at https://security.gentoo.org/glsa/201710-09 by GLSA coordinator Aaron Bauman (b-man). |