CLD-66 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-7186 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) pcre
Deficiency Type SECURITY
Date Created 2017-10-08 10:39:00
Date Last Modified 2017-10-08 15:13:35

Version Specific Information:

Cucumber 1.0 i686fixed in pcre-8.41-i686-1
Cucumber 1.0 x86_64fixed in pcre-8.41-x86_64-1

Cucumber 1.1 i686 fixed in pcre-8.41-i686-1
Cucumber 1.1 x86_64 fixed in pcre-8.41-x86_64-1

Details:

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to
cause a denial of service (segmentation violation for read access, and
application crash) by triggering an invalid Unicode property lookup
(https://nvd.nist.gov/vuln/detail/CVE-2017-7186).

This vulnerability has been anaylized extensively on the Gentoo blog. They claim
that this vulnerability has been fixed in pcre 8.41
(https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/).