[3.5] pcre: Multiple issues (CVE-2017-7186, CVE-2017-7244, CVE-2017-7245, CVE-2017-7246)
CVE-2017-7186: invalid memory read in match (pcre_exec.c)
Affected version:
8.40 and 10.23
Fixed version:
8.41 and 10.24 (not released atm)
References:
http://seclists.org/oss-sec/2017/q1/649
Commit fix for libpcre1:
https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date
https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
Commit fix for libpcre2:
https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date
https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
CVE-2017-7244: invalid memory read in _pcre32_xclass (pcre_xclass.c)
Affected version:
8.40
Fixed version:
8.41 (not released atm)
Reference:
http://openwall.com/lists/oss-security/2017/03/24/1
CVE-2017-7245: Stack-based buffer overflow in the pcre32_copy_substring function
Affected version:
8.40
Fixed version:
8.41 (not released atm)
References:
http://openwall.com/lists/oss-security/2017/03/24/2
CVE-2017-7246: Stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c)
Affected version:
8.40
Fixed version:
8.41 (not released atm)
References:
http://openwall.com/lists/oss-security/2017/03/24/2
(from redmine: issue id 7069, created on 2017-03-29, closed on 2019-05-04)
- Relations:
- parent #7067