Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2017-6004
HistoryFeb 16, 2017 - 11:59 a.m.

CVE-2017-6004

2017-02-1611:59:00
Debian Security Bug Tracker
security-tracker.debian.org
12

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.018

Percentile

88.1%

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.

OSVersionArchitecturePackageVersionFilename
Debian12allpcre3< 2:8.39-2.1pcre3_2:8.39-2.1_all.deb
Debian11allpcre3< 2:8.39-2.1pcre3_2:8.39-2.1_all.deb
Debian999allpcre3< 2:8.39-2.1pcre3_2:8.39-2.1_all.deb

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.018

Percentile

88.1%