AVG-222 log

Package	pcre
Status	Fixed
Severity	Medium
Type	multiple issues
Affected	8.40-1
Fixed	8.41-1
Current	8.45-4 [core]
Ticket	None
Created	Mon Mar 20 17:06:33 2017

Issue	Severity	Remote	Type	Description
CVE-2017-7246	Low	Yes	Arbitrary code execution	A stack-based write buffer overflow has been found in libpcre <= 8.40, in the pcretest utility. It can lead to arbitrary code execution via a crafted...
CVE-2017-7245	Low	Yes	Arbitrary code execution	A stack-based write buffer overflow has been found in libpcre <= 8.40, in the pcretest utility. It can lead to arbitrary code execution via a crafted...
CVE-2017-7244	Low	No	Denial of service	A stack-based read buffer overflow has been found in libpcre <= 8.40, in the pcretest utility. It can lead to denial of service via a crafted expression...
CVE-2017-7186	Medium	Yes	Denial of service	libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and...

Date	Advisory	Package	Type
18 Jul 2017	ASA-201707-20	pcre	multiple issues

References
https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/ https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/

References

https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/