A flaw was found in the PCRE library:
PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application.
Upstream issue:
http://bugs.exim.org/show_bug.cgi?id=1592
Upstream patch:
http://vcs.pcre.org/pcre?revision=1529&view=revision
Statement:
This issue did not affect the versions of pcre as shipped with Red Hat Enterprise Linux 5, 6, and 7.
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
Via RHSA-2016:2750 https://rhn.redhat.com/errata/RHSA-2016-2750.html