CLD-66 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) |
pcre |
Deficiency Type |
SECURITY |
Date Created |
2017-10-08 10:39:00 |
Date Last Modified |
2017-10-08 15:13:35 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in pcre-8.41-i686-1 |
Cucumber 1.0 x86_64 | fixed in pcre-8.41-x86_64-1 |
Cucumber 1.1 i686 |
fixed in pcre-8.41-i686-1 |
Cucumber 1.1 x86_64 |
fixed in pcre-8.41-x86_64-1 |
Details:
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to
cause a denial of service (segmentation violation for read access, and
application crash) by triggering an invalid Unicode property lookup
(https://nvd.nist.gov/vuln/detail/CVE-2017-7186).
This vulnerability has been anaylized extensively on the Gentoo blog. They claim
that this vulnerability has been fixed in pcre 8.41
(https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/).