Fluid Attacks Database

Description

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	pcre3	>=0 <2:8.39-2.1	2:8.39-2.1
debian 11	pcre3	>=0 <2:8.39-2.1	2:8.39-2.1
rpm rhel7	pcre	-	-

Aliases

1. CVE-2017-60042. NVD-2017-60043. OSV-DEBIAN-2017-60044. OSV-2017-60045. SECURITY-TRACKER-CVE-2017-6004

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.