CVE-2017-7186 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
Group Package Affected Fixed Severity Status Ticket
AVG-223 pcre2 10.23-1 10.30-1 Medium Fixed
AVG-222 pcre 8.40-1 8.41-1 Medium Fixed
Date Advisory Group Package Severity Type
12 Oct 2017 ASA-201710-18 AVG-223 pcre2 Medium denial of service
18 Jul 2017 ASA-201707-20 AVG-222 pcre Medium multiple issues
References
https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
https://bugs.exim.org/show_bug.cgi?id=2052
https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date