Your submission was sent successfully! Close

CVE-2017-7186

Published: 20 March 2017

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

Notes

AuthorNote
mdeslaur
pcre32 support enabled only in pcre3/1:8.35-4
Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
pcre2
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(10.31-2)
cosmic Not vulnerable
(10.31-3)
disco Not vulnerable
(10.32-4)
eoan Not vulnerable
(10.32-4)
focal Not vulnerable
(10.32-4)
groovy Not vulnerable
(10.32-4)
hirsute Not vulnerable
(10.32-4)
impish Not vulnerable
(10.32-4)
jammy Not vulnerable
(10.32-4)
kinetic Not vulnerable
(10.32-4)
precise Does not exist

trusty Does not exist

upstream
Released (10.22-3)
xenial Ignored
(end of standard support, was needed)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date
upstream: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date

pcre3
Launchpad, Ubuntu, Debian
artful Not vulnerable
(2:8.39-3)
bionic Not vulnerable
(2:8.39-3)
cosmic Not vulnerable
(2:8.39-3)
disco Not vulnerable
(2:8.39-3)
eoan Not vulnerable
(2:8.39-3)
focal Not vulnerable
(2:8.39-3)
groovy Not vulnerable
(2:8.39-3)
hirsute Not vulnerable
(2:8.39-3)
impish Not vulnerable
(2:8.39-3)
jammy Not vulnerable
(2:8.39-3)
kinetic Not vulnerable
(2:8.39-3)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream
Released (2:8.39-3)
xenial
Released (2:8.38-3.1ubuntu0.1~esm2)
yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(2:8.39-3)
Patches:


upstream: https://vcs.pcre.org/pcre?view=revision&revision=1688