CVE-2017-6004

Published: 16 February 2017

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: pcre3 (Launchpad, Ubuntu, Debian)

Release     Status
artful      Not vulnerable (2:8.39-3)
bionic      Not vulnerable (2:8.39-3)
cosmic      Not vulnerable (2:8.39-3)
disco       Not vulnerable (2:8.39-3)
eoan        Not vulnerable (2:8.39-3)
focal       Not vulnerable (2:8.39-3)
groovy      Not vulnerable (2:8.39-3)
hirsute     Not vulnerable (2:8.39-3)
impish      Not vulnerable (2:8.39-3)
jammy       Not vulnerable (2:8.39-3)
kinetic     Not vulnerable (2:8.39-3)
precise     Not vulnerable (code not present)
trusty      Not vulnerable (code not present)
upstream    Released (2:8.39-2.1)
xenial      Released (2:8.38-3.1ubuntu0.1~esm2)
yakkety     Ignored (reached end-of-life)
zesty       Not vulnerable (2:8.39-3)

Patches:
upstream: https://vcs.pcre.org/pcre?view=revision&revision=1680