CVE-2017-7245 – pcre: stack-based buffer overflow write in pcre32_copy_substring
https://notcve.org/view.php?id=CVE-2017-7245
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. Desbordamiento de búfer basado en la pila en la función pcre32_copy_substring en pcre_get.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegación de servicio (WRITE de tamaño 4) o posiblemente tener otro impacto no especificado a través de un archivo manipulado. • http://www.securityfocus.com/bid/97067 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c https://security.gentoo.org/glsa/201710-25 https://access.redhat.com/security/cve/CVE-2017-7245 https://bugzilla.redhat.com/show_bug.cgi?id=1437367 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-7244 – pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)
https://notcve.org/view.php?id=CVE-2017-7244
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. La función _pcre32_xclass en pcre_xclass.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida) a través de un archivo manipulado. • http://www.securityfocus.com/bid/97067 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c https://security.gentoo.org/glsa/201710-25 https://access.redhat.com/security/cve/CVE-2017-7244 https://bugzilla.redhat.com/show_bug.cgi?id=1437364 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVE-2017-7246 – pcre: stack-based buffer overflow write in pcre32_copy_substring
https://notcve.org/view.php?id=CVE-2017-7246
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. Desbordamiento de búfer basado en pila en la función pcre32_copy_substring en pcre_get.c en libpcre1 en PCRE 8.40 permite a atacantes remotos provocar una denegación de servicio (WRITE de tamaño 268) o posiblemente tener otro impacto no especificado a través de un archivo manipulado. • http://www.securityfocus.com/bid/97067 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c https://security.gentoo.org/glsa/201710-25 https://access.redhat.com/security/cve/CVE-2017-7246 https://bugzilla.redhat.com/show_bug.cgi?id=1437369 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-7186 – pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)
https://notcve.org/view.php?id=CVE-2017-7186
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. Libpcre1 en PCRE 8.40 y libpcre2 en PCRE2 10.23 permiten a atacantes remotos provocar una denegación de servicio (infracción de segmentación para acceso de lectura y caída de aplicación) al activar una búsqueda de propiedad Unicode no válida. • http://www.securityfocus.com/bid/97030 https://access.redhat.com/errata/RHSA-2018:2486 https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c https://bugs.exim.org/show_bug.cgi?id=2052 https://security.gentoo.org/glsa/201710-09 https://security.gentoo.org/glsa/201710-25 https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=d • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-6004 – pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)
https://notcve.org/view.php?id=CVE-2017-6004
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. La función compile_bracket_matchingpath en pcre_jit_compile.c en PCRE hasta la versión 8.x en versiones anteriores a la revisión 1680 (por ejemplo, la versión empacada de PHP 7.1.1) permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de la aplicación) a través de una expresión regular manipulada. • http://www.securityfocus.com/bid/96295 http://www.securitytracker.com/id/1037850 https://access.redhat.com/errata/RHSA-2018:2486 https://bugs.exim.org/show_bug.cgi?id=2035 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201706-11 https://vcs.pcre.org/pcre/code/trunk/pcre_ji • CWE-125: Out-of-bounds Read •