Main Vulnerability Database SB2017081821

SB2017081821 - Buffer overflow in pcre (Alpine package)

Published: August 18, 2017

Security Bulletin ID SB2017081821

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2017-7246)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in pcre32_copy_substring() function in pcre_get.c in libpcre1 in PCRE 8.40. A remote unauthenticated attacker can create a specially crafted file, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=94e8d1e4421f3be110d3c88ab08829cff0e77012
https://git.alpinelinux.org/aports/commit/?id=ddd6855fbf390add5ba3fb78e8db3c8a08d09369