Vulnerability Details : CVE-2017-16231
Potential exploit
In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used
Products affected by CVE-2017-16231
- cpe:2.3:a:pcre:pcre:8.41:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-16231
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-16231
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-07-08 |
CWE ids for CVE-2017-16231
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2017-16231
-
http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html
PCRE 8.41 Buffer Overflow ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2017/11/01/7
oss-security - Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaksMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2017/11/01/11
oss-security - Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaksMailing List;Third Party Advisory
-
https://bugs.exim.org/show_bug.cgi?id=2047
Bug 2047 – infinite loop in pcre_exec.cIssue Tracking;Third Party Advisory
-
http://www.securityfocus.com/bid/101688
PCRE CVE-2017-16231 Local Stack Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2017/11/01/8
oss-security - Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaksExploit;Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2018/Dec/33
Full Disclosure: Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)Mailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2017/11/01/3
oss-security - CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaksExploit;Mailing List;Third Party Advisory
Jump to