CVE-2017-13846

Published: 13 November 2017

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
pcre2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

pcre3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Notes

AuthorNote
tyhicks
It isn't clear if this affects the upstream PCRE or not. Adding
for now until we get more information.
mdeslaur
possibly apple-specific, no details as of 2018-03-27, so
marking as not-affected

References