Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2017-7245

Published: 23/03/2017 Updated: 17/08/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Pcre

Vulnerability Summary

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote malicious users to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pcre pcre 8.40

Vendor Advisories

Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2429 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has rated this release ...
Debian CVElist Bug Report Logs: pcre3: CVE-2017-7245
Debian Bug report logs - #858678 pcre3: CVE-2017-7245 Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 25 Mar 2017 07:21:02 UTC Severity: minor Tags: fixed-upstream, security, upstream Found in versions pcre3/2:839- ...
Debian CVElist Bug Report Logs: pcre3: CVE-2017-7186
Debian Bug report logs - #858230 pcre3: CVE-2017-7186 Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 20 Mar 2017 06:06:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions pc ...
Debian CVElist Bug Report Logs: pcre3: CVE-2017-7246
Debian Bug report logs - #858679 pcre3: CVE-2017-7246 Package: src:pcre3; Maintainer for src:pcre3 is Matthew Vernon <matthew@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 25 Mar 2017 07:21:05 UTC Severity: minor Tags: fixed-upstream, security, upstream Found in versions pcre3/2:839- ...
Arch Linux Issues:
A stack-based write buffer overflow has been found in libpcre <= 840, in the pcretest utility It can lead to arbitrary code execution via a crafted expression passed to the pcretest command ...

References

CWE-119https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/http://www.securityfocus.com/bid/97067https://security.gentoo.org/glsa/201710-25https://access.redhat.com/errata/RHSA-2018:2486https://access.redhat.com/errata/RHSA-2018:2486https://nvd.nist.govhttps://security.archlinux.org/CVE-2017-7245
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgeryCVE-2024-34351CVE-2024-1076CVE-2024-25522CVE-2024-34547CVE-2024-4644unauthorizedremoteCVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook