Bugzilla – Bug 1030066
VUL-0: CVE-2017-7186: pcre,pcre2: DoS by triggering an invalid Unicode property lookup
Last modified: 2022-04-06 14:02:09 UTC
CVE-2017-7186 libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186
https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date
https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date
https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
https://bugs.exim.org/show_bug.cgi?id=2052
https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
*** Bug 1037164 has been marked as a duplicate of this bug. ***
Also affects pcre2
Trigger a version update whenever you feel like it. I communicated clearly in the past that I can't fix pcre issues.
Fixed in pcre2 10.30.
This is an autogenerated message for OBS integration: This bug (1030066) was mentioned in https://build.opensuse.org/request/show/523391 Factory / pcre2
This is an autogenerated message for OBS integration: This bug (1030066) was mentioned in https://build.opensuse.org/request/show/653587 Backports:SLE-12 / pcre2
May I ask? Is the SLES12 SP5 affected by this CVE?
SUSE-SU-2021:3652-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1025709,1030066,1030803,1030805,1030807,1172973,1172974
CVE References: CVE-2017-6004,CVE-2017-7186,CVE-2017-7244,CVE-2017-7245,CVE-2017-7246,CVE-2019-20838,CVE-2020-14155
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE OpenStack Cloud Crowbar 8 (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE OpenStack Cloud 9 (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE OpenStack Cloud 8 (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): pcre-8.45-8.7.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE Linux Enterprise Server 12-SP5 (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE Linux Enterprise Server 12-SP3-BCL (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE Linux Enterprise Server 12-SP2-BCL (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2
SUSE Linux Enterprise High Availability 12-SP5 (src): pcre-8.45-8.7.1
SUSE Linux Enterprise High Availability 12-SP4 (src): pcre-8.45-8.7.1
SUSE Linux Enterprise High Availability 12-SP3 (src): pcre-8.45-8.7.1
HPE Helion Openstack 8 (src): pcre-8.45-8.7.1, selinux-policy-20140730-36.5.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done.