Out-of-Bounds Read and Application Crash Vulnerability in PCRE

Out-of-Bounds Read and Application Crash Vulnerability in PCRE

CVE-2017-6004 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.

Learn more about our Web Application Penetration Testing UK.