CVE-2017-11164
HIGHPCRE 8.41 - Uncontrolled Recursion via OP_KETRMAX in pcre_exec.c
Title source: llmDescription
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/99575
Mailing List mailing-list
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2023/04/11/1
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2023/04/12/1
Mailing List, Third Party Advisory
http://openwall.com/lists/oss-security/2017/07/11/3
Scores
CVSS v3
7.5
EPSS
0.0310
EPSS Percentile
86.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-674
Status
published
Products (1)
pcre/pcre
8.41
Published
Jul 11, 2017
Tracked Since
Feb 18, 2026