AVG-222

Package pcre
Status Fixed
Severity Medium
Type multiple issues
Affected 8.40-1
Fixed 8.41-1
Current 8.43-1 [core]
Ticket None
Created Mon Mar 20 17:06:33 2017

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-7246 | Low | Yes | Arbitrary code execution | A stack-based write buffer overflow has been found in libpcre <= 8.40, in the pcretest utility. It can lead to arbitrary code execution via a crafted... |
| CVE-2017-7245 | Low | Yes | Arbitrary code execution | A stack-based write buffer overflow has been found in libpcre <= 8.40, in the pcretest utility. It can lead to arbitrary code execution via a crafted... |
| CVE-2017-7244 | Low | No | Denial of service | A stack-based read buffer overflow has been found in libpcre <= 8.40, in the pcretest utility. It can lead to denial of service via a crafted expression... |
| CVE-2017-7186 | Medium | Yes | Denial of service | libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and... |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 18 Jul 2017 | ASA-201707-20 | pcre | multiple issues |

References
https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/