CVE-2017-16231

Published: 21 March 2019

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

Priority

Negligible

CVSS 3 base score: 5.5

Status

Package: pcre3

Release                            Status
Upstream                           Needs triage
Ubuntu 20.04 LTS (Focal Fossa)     Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver)   Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus)    Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr)     Not vulnerable

Notes

Author: mdeslaur
Note:
possibly https://bugs.exim.org/show_bug.cgi?id=2047
which upstream thinks isn't an issue
marking this as not-affected since this was disputed
