Vulnerability CVE-2017-8786

Vulnerability Name:

CVE-2017-8786 (CCN-125759)

Assigned:

2017-04-29

Published:

2017-04-29

Updated:

2017-10-10

Summary:

pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2017-8786

Source: CCN
Type: agostino's blog, April 29, 2017
libpcre: heap-based buffer overflow write in pcre2test.c

Source: MISC
Type: Exploit, Patch, Third Party Advisory, VDB Entry
https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory, VDB Entry
https://bugs.exim.org/show_bug.cgi?id=2079

Source: XF
Type: UNKNOWN
pcre2-cve20178786-bo(125759)

Source: GENTOO
Type: UNKNOWN
GLSA-201710-09

Source: CCN
Type: PCRE Web site
Diff of /code/trunk/src/pcre2test.c

Source: MISC
Type: Patch, Vendor Advisory
https://vcs.pcre.org/pcre2?view=revision&revision=696

Source: MISC
Type: Patch, Vendor Advisory
https://vcs.pcre.org/pcre2?view=revision&revision=697

Vulnerable Configuration:

Configuration 1:

cpe:/a:pcre:pcre2:10.23:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20178786	V	CVE-2017-8786	2023-06-22
oval:org.opensuse.security:def:7641	P	libpcre2-16-0-10.39-150400.4.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:793	P	Security update for expat (Important)	2022-10-01
oval:org.opensuse.security:def:773	P	Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important)	2022-09-22
oval:org.opensuse.security:def:682	P	Security update for python-M2Crypto (Important)	2022-08-05
oval:org.opensuse.security:def:93829	P	(Important)	2022-07-06
oval:org.opensuse.security:def:3055	P	dovecot22-2.2.31-19.17.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94685	P	libpcre2-16-0-10.39-150400.2.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:178	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:177	P	libpcre1-32bit-8.41-4.20 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:1374	P	Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) (Important)	2022-06-06
oval:org.opensuse.security:def:466	P	Security update for amazon-ssm-agent (Important)	2022-05-03
oval:org.opensuse.security:def:112764	P	libpcre2-16-0-10.37-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:69760	P	Security update for poppler (Important)	2021-12-01
oval:org.opensuse.security:def:1129	P	Security update for rpm (Important)	2021-10-15
oval:org.opensuse.security:def:106236	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:1485	P	Security update for ffmpeg (Moderate)	2021-10-06
oval:org.opensuse.security:def:64580	P	Security update for gd (Moderate)	2021-09-27
oval:org.opensuse.security:def:61555	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71280	P	libmpfr6-4.0.1-1.46 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96675	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71296	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71167	P	dbus-1-1.12.2-6.21 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103365	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:89710	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:47759	P	libotr5-4.0.0-9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46987	P	libQt5WebKit5-5.6.1-9.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47902	P	tboot-20170711_1.9.7-1.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47756	P	libopenvswitch-2_8-0-2.8.4-3.36 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47643	P	hplip-3.16.11-1.33 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47824	P	mailman-2.1.17-1.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46988	P	libX11-6-1.6.2-4.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47986	P	cvs-1.12.12-182.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47904	P	tftp-5.2-11.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47775	P	libqt4-32bit-4.8.7-8.8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47027	P	libhivex0-1.3.10-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47855	P	perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47002	P	libXvMC1-1.0.8-3.56 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48048	P	jakarta-commons-fileupload-1.1.1-122.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47203	P	apache2-2.4.23-28.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48118	P	libgoa-1_0-0-3.20.8-10.4.50 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47867	P	python-libxml2-2.9.4-46.15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47159	P	sudo-1.8.10p3-6.16 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47926	P	xorg-x11-7.6_1-14.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47123	P	perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48113	P	libgc1-7.2d-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47204	P	apache2-mod_apparmor-2.8.2-49.21 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48202	P	libsystemd0-228-155.21 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48015	P	gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47251	P	evince-3.20.1-5.66 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47316	P	libXi6-1.7.4-17.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48144	P	libltdl7-2.4.2-17.4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47218	P	bzip2-1.0.6-29.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48264	P	perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47314	P	libXfixes3-32bit-5.0.1-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48229	P	libxslt-tools-1.1.28-17.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47399	P	libpulse-mainloop-glib0-32bit-5.0-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47448	P	mutt-1.6.0-54.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48215	P	libvirglrenderer0-0.5.0-11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47339	P	libdmx1-1.1.3-3.51 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48329	P	ucode-intel-20191112-1.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47315	P	libXfont1-1.5.1-10.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48313	P	stunnel-5.00-4.3.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47613	P	g3utils-1.1.36-58.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47540	P	yast2-core-3.2.2-1.29 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47532	P	xfsprogs-4.3.0-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47329	P	libapr-util1-1.5.3-1.46 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47697	P	libcairo-gobject2-1.15.2-25.3.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47688	P	libXvnc1-1.6.0-18.23.72 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47664	P	libICE6-1.0.8-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47450	P	opensc-0.13.0-1.107 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:62196	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100954	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71937	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1018	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1107	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:69865	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:46713	P	libXxf86vm1-1.1.3-3.54 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48471	P	libXrandr2-1.5.0-6.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46834	P	radvd-1.9.7-2.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48618	P	rsyslog-8.4.0-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61266	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48564	P	libvdpau1-1.1.1-6.73 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48542	P	libpython2_7-1_0-2.7.9-24.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71066	P	pam_krb5-2.4.13-1.36 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48907	P	gnome-shell-calendar-3.20.4-77.17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48853	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71007	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70953	P	libXp-devel-1.0.3-1.24 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46698	P	libXRes1-1.0.7-3.54 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48360	P	MozillaFirefox-45.4.0esr-81.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48375	P	automake-1.13.4-6.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46699	P	libXcursor1-1.1.14-3.60 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48431	P	gnome-settings-daemon-3.20.1-40.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48440	P	gv-3.7.4-1.36 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64493	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:49459	P	Security update for php72 (Important)	2021-02-17
oval:org.opensuse.security:def:64279	P	Security update for webkit2gtk3 (Important)	2020-12-17
oval:org.opensuse.security:def:66417	P	Security update for python-urllib3 (Moderate)	2020-12-09
oval:org.opensuse.security:def:71603	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103579	P	libpcre2-posix2-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:89924	P	libpcre2-posix2-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62463	P	libpcre2-posix2-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107208	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116766	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62574	P	libpcre2-posix2-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72182	P	libpcre2-posix2-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61862	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72293	P	libpcre2-posix2-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100542	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49405	P	gdk-pixbuf-query-loaders-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73082	P	g3utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66509	P	libpcre2-16-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49570	P	libpcre2-posix2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49516	P	gdk-pixbuf-query-loaders-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67713	P	libpcre2-16-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67613	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64366	P	libpcre2-16-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67927	P	libpcre2-posix2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49214	P	libpcre2-16-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67827	P	ucode-intel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49160	P	libbsd-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73200	P	libpcre2-16-0 on GA media (Moderate)	2020-12-01
oval:com.ubuntu.xenial:def:201787860000000	V	CVE-2017-8786 on Ubuntu 16.04 LTS (xenial) - negligible.	2017-05-05
oval:com.ubuntu.disco:def:201787860000000	V	CVE-2017-8786 on Ubuntu 19.04 (disco) - negligible.	2017-05-05
oval:com.ubuntu.bionic:def:201787860000000	V	CVE-2017-8786 on Ubuntu 18.04 LTS (bionic) - negligible.	2017-05-05
oval:com.ubuntu.artful:def:20178786000	V	CVE-2017-8786 on Ubuntu 17.10 (artful) - negligible.	2017-05-04
oval:com.ubuntu.bionic:def:20178786000	V	CVE-2017-8786 on Ubuntu 18.04 LTS (bionic) - negligible.	2017-05-04
oval:com.ubuntu.cosmic:def:201787860000000	V	CVE-2017-8786 on Ubuntu 18.10 (cosmic) - negligible.	2017-05-04
oval:com.ubuntu.cosmic:def:20178786000	V	CVE-2017-8786 on Ubuntu 18.10 (cosmic) - negligible.	2017-05-04
oval:com.ubuntu.xenial:def:20178786000	V	CVE-2017-8786 on Ubuntu 16.04 LTS (xenial) - negligible.	2017-05-04

BACK