CVE-2017-7186
HIGHPCRE 8.40 and PCRE2 10.23 - Denial of Service via Invalid Unicode Property Lookup
Title source: llmDescription
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
References (10)
Core 10
Core References
Third Party Advisory x_refsource_confirm
https://bugs.exim.org/show_bug.cgi?id=2052
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201710-09
Patch x_refsource_confirm
https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date
Patch x_refsource_confirm
https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
Patch x_refsource_confirm
https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97030
Patch, Third Party Advisory x_refsource_misc
https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
Patch x_refsource_confirm
https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2486
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201710-25
Scores
CVSS v3
7.5
EPSS
0.0503
EPSS Percentile
91.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (2)
pcre/pcre
8.40
pcre/pcre2
10.23
Published
Mar 20, 2017
Tracked Since
Feb 18, 2026