CVE Vulnerabilities

CVE-2017-11164

Uncontrolled Recursion

Published: Jul 11, 2017 | Modified: Feb 25, 2021
CVSS 3.x: 7.5 HIGH
Source: NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3: 3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Ubuntu

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Weakness

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

Name    Vendor    Start Version        End Version
Pcre    Pcre      8.41                 8.41
Pcre3   Ubuntu    artful               *
Pcre3   Ubuntu    bionic               *
Pcre3   Ubuntu    cosmic               *
Pcre3   Ubuntu    devel                *
Pcre3   Ubuntu    disco                *
Pcre3   Ubuntu    eoan                 *
Pcre3   Ubuntu    esm-infra/xenial     *
Pcre3   Ubuntu    focal                *
Pcre3   Ubuntu    groovy               *
Pcre3   Ubuntu    hirsute              *
Pcre3   Ubuntu    impish               *
Pcre3   Ubuntu    jammy                *
Pcre3   Ubuntu    precise/esm          *
Pcre3   Ubuntu    trusty               *
Pcre3   Ubuntu    trusty/esm           *
Pcre3   Ubuntu    upstream             *
Pcre3   Ubuntu    vivid/ubuntu-core    *
Pcre3   Ubuntu    xenial               *
Pcre3   Ubuntu    yakkety              *
Pcre3   Ubuntu    zesty                *

Potential Mitigations

References