SB2017040518 - Out-of-bounds read in pcre (Alpine package)
Published: April 5, 2017 Updated: October 11, 2022
Security Bulletin ID: SB2017040518
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2017-7186)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to a segmentation violation in libpcre1 and libpcre2. A remote attacker can send specially crafted packets and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=622c0975ca8f9a0441df23a7b943c7172993c082
- https://git.alpinelinux.org/aports/commit/?id=2a8cc0b0f8d0d692654555b81e6ad8f4b92ed3cd
- https://git.alpinelinux.org/aports/commit/?id=034fb34148cda90ebeb41e326687931cbed406f4
- https://git.alpinelinux.org/aports/commit/?id=0cff3d3f5f3f43853528ce076c44db6d3493a33e
- https://git.alpinelinux.org/aports/commit/?id=94e8d1e4421f3be110d3c88ab08829cff0e77012
- https://git.alpinelinux.org/aports/commit/?id=9ebc8b7d4aac3ff3b4b7b1972d631062754ffc8b
- https://git.alpinelinux.org/aports/commit/?id=f745df7c0bd4c534290b6777b1200b87ae49219e
- https://git.alpinelinux.org/aports/commit/?id=b486f3ca57ec74aab683dc6ee3e940a7f4746a60