A stack-based buffer overflow flaw was found in PCRE. An attacker could use a crafted file that, when processed by PCRE, would crash the application using the PCRE library. This issue only affects the PCRE version 8.40.
Created pcre tracking bugs for this issue: Affects: fedora-all [bug 1437368]
External References: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
Upstream report <https://bugs.exim.org/show_bug.cgi?id=2055>.
According to the upstream report, this issue (along with CVE-2017-7244 and CVE-2017-7246) was fixed with: commit 8037f71d03b3cd8919248f38448a0a2d3715c18c Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> Date: Fri Feb 24 17:30:30 2017 +0000 Fix Unicode property crash for 32-bit characters greater than 0x10ffff. git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1688 2f5784b3-3f2a-0410-8824- cb99058d5e15
Created glib2 tracking bugs for this issue: Affects: fedora-all [bug 1437484] Created mingw-glib2 tracking bugs for this issue: Affects: epel-7 [bug 1437486] Affects: fedora-all [bug 1437487] Created mingw-pcre tracking bugs for this issue: Affects: epel-7 [bug 1437483] Affects: fedora-all [bug 1437485]
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:2486