Bug 1437367 (CVE-2017-7245)
Summary: | CVE-2017-7245 pcre: stack-based buffer overflow write in pcre32_copy_substring | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | adam.stokes, andrew, csutherl, databases-maint, erik-fedora, fedora-mingw, fedora, fidencio, gzaronik, hhorak, jclere, jdoyle, jgrulich, jorton, klember, lgao, lkundrak, marcandre.lureau, mbabacek, mclasen, mmuzila, mreynolds, mschorm, mturk, myarboro, pmyers, ppisar, pslavice, rcollet, rjones, rsvoboda, twalsh, walters, webstack-team, weli |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-03-30 08:15:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1437368, 1437483, 1437484, 1437485, 1437486, 1437487 | ||
Bug Blocks: | 1434510, 1439436 |
Description
Martin Prpič
2017-03-30 08:11:48 UTC
Created pcre tracking bugs for this issue: Affects: fedora-all [bug 1437368] External References: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/ Upstream report <https://bugs.exim.org/show_bug.cgi?id=2055>. According to the upstream report, this issue (along with CVE-2017-7244 and CVE-2017-7246) was fixed with: commit 8037f71d03b3cd8919248f38448a0a2d3715c18c Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> Date: Fri Feb 24 17:30:30 2017 +0000 Fix Unicode property crash for 32-bit characters greater than 0x10ffff. git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1688 2f5784b3-3f2a-0410-8824- cb99058d5e15 Created glib2 tracking bugs for this issue: Affects: fedora-all [bug 1437484] Created mingw-glib2 tracking bugs for this issue: Affects: epel-7 [bug 1437486] Affects: fedora-all [bug 1437487] Created mingw-pcre tracking bugs for this issue: Affects: epel-7 [bug 1437483] Affects: fedora-all [bug 1437485] This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:2486 |