CVE-2016-10253

Published: 18/03/2017 Updated: 11/07/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.

Vulnerable Product

erlang erlang/otp 19.3.6.8

erlang erlang/otp 19.3.6.6

erlang erlang/otp 19.3.6

erlang erlang/otp 19.1.6.1

erlang erlang/otp 19.3

erlang erlang/otp 19.2.2

erlang erlang/otp 19.1.2

erlang erlang/otp 19.1

erlang erlang/otp 19.0.1

erlang erlang/otp 18.0

erlang erlang/otp 18.0.3

erlang erlang/otp 18.1.1

erlang erlang/otp 18.2.2

erlang erlang/otp 18.2.4

erlang erlang/otp 18.3.4.1

erlang erlang/otp 18.3.4.3

erlang erlang/otp 19.0

erlang erlang/otp 19.3.4

erlang erlang/otp 19.3.3

erlang erlang/otp 19.3.2

erlang erlang/otp 19.3.1

erlang erlang/otp 19.0.6

erlang erlang/otp 19.0.5

erlang erlang/otp 19.0.4

erlang erlang/otp 19.0.3

erlang erlang/otp 18.1.3

erlang erlang/otp 18.1.4

erlang erlang/otp 18.1.5

erlang erlang/otp 18.2

erlang erlang/otp 18.3.4.4

erlang erlang/otp 18.3.4.5

erlang erlang/otp 19.3.6.9

erlang erlang/otp 19.3.6.7

erlang erlang/otp 19.3.6.1

erlang erlang/otp 19.3.5

erlang erlang/otp 19.2.3

erlang erlang/otp 19.2.1

erlang erlang/otp 19.1.3

erlang erlang/otp 19.1.1

erlang erlang/otp 19.0.7

erlang erlang/otp 19.0.2

erlang erlang/otp 18.1

erlang erlang/otp 18.1.2

erlang erlang/otp 18.2.1

erlang erlang/otp 18.2.3

erlang erlang/otp 18.2.4.1

erlang erlang/otp 18.3.4

erlang erlang/otp 18.3.4.2

erlang erlang/otp 19.3.6.5

erlang erlang/otp 19.2.3.1

erlang erlang/otp 19.3.6.4

erlang erlang/otp 19.3.6.3

erlang erlang/otp 19.3.6.2

erlang erlang/otp 19.2

erlang erlang/otp 19.1.6

erlang erlang/otp 19.1.5

erlang erlang/otp 19.1.4

erlang erlang/otp 18.0.1

erlang erlang/otp 18.0.2

erlang erlang/otp 18.3

erlang erlang/otp 18.3.1

erlang erlang/otp 18.3.2

erlang erlang/otp 18.3.3

Vendor Advisories

Debian Bug report logs - #858313 erlang: CVE-2016-10253 Package: src:erlang; Maintainer for src:erlang is Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 21 Mar 2017 05:27:01 UTC Severity: important Tags: security, upstream Found in ...
Several security issues were fixed in Erlang ...
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to ...