9.8

CVE-2017-8786

Exploit
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PcrePcre2 Version10.23
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.07% 0.894
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://security.gentoo.org/glsa/201710-09
https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/
Patch
Third Party Advisory
Exploit
VDB Entry
https://bugs.exim.org/show_bug.cgi?id=2079
Third Party Advisory
Exploit
VDB Entry
Issue Tracking
https://vcs.pcre.org/pcre2?view=revision&revision=696
Patch
Vendor Advisory
https://vcs.pcre.org/pcre2?view=revision&revision=697
Patch
Vendor Advisory