CVE-2017-7186 – pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)

https://notcve.org/view.php?id=CVE-2017-7186

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. Libpcre1 en PCRE 8.40 y libpcre2 en PCRE2 10.23 permiten a atacantes remotos provocar una denegación de servicio (infracción de segmentación para acceso de lectura y caída de aplicación) al activar una búsqueda de propiedad Unicode no válida. • http://www.securityfocus.com/bid/97030 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c https://bugs.exim.org/show_bug.cgi?id=2052 https://security.gentoo.org/glsa/201710-09 https://security.gentoo.org/glsa/201710-25 https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=d • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •