CVE-2017-16231 — MEDIUM (5.5)

Vulnerability Description

In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pcre	Pcre	8.41

Related Weaknesses (CWE)

CWE-119

References

http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.htmlThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2018/Dec/33Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/01/11Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/01/3ExploitMailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/01/7Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/01/8ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/101688Third Party AdvisoryVDB Entry
https://bugs.exim.org/show_bug.cgi?id=2047Issue TrackingThird Party Advisory
http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.htmlThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2018/Dec/33Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/01/11Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/01/3ExploitMailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/01/7Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2017/11/01/8ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/101688Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-16231?

CVE-2017-16231 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of ...

How severe is CVE-2017-16231?

CVE-2017-16231 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-16231?

Check the references section above for vendor advisories and patch information. Affected products include: Pcre Pcre.