7.5
CVSSv3

CVE-2017-6004

Published: 16/02/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE up to and including 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.

Vulnerable Product

pcre pcre

Vendor Advisories

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has rated this release ...
Debian Bug report logs - #855405 pcre3: CVE-2017-6004. Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 17 Feb 2017 14:36:02 UTC; Severity: grave; Tags: patch, security, upstream; Found in version pcre3/2:8.39-2; Fixed in ...
PCRE could be made to crash if it received specially crafted input ...
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression ...