CVE-2017-7244: Input Validation

Reference Links

• https://www.cve.org/CVERecord?id=CVE-2017-7244 https://nvd.nist.gov/vuln/detail/CVE-2017-7244 https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
• https://bugzilla.redhat.com/show_bug.cgi?id=1437364
• https://access.redhat.com/errata/RHSA-2018:2486
• https://access.redhat.com/security/cve/CVE-2017-7244
• http://www.securityfocus.com/bid/97067
• https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
• https://security.gentoo.org/glsa/201710-25
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1437365
• https://bugs.exim.org/show_bug.cgi?id=2054
• https://bugs.exim.org/show_bug.cgi?id=2052
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1437484
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1437486
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1437487
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1437483
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1437485

Parent vulnerabilities

(Appears in the following advisories)

• RHSA-2018:2486

Frequently Asked Questions

• What is the severity of CVE-2017-7244?

  CVE-2017-7244 has a severity rating of High due to its potential for causing denial of service.

• How do I fix CVE-2017-7244?

  To fix CVE-2017-7244, upgrade to PCRE version 8.41 or later which addresses the invalid memory read flaw.

• What types of applications are affected by CVE-2017-7244?

  Applications that utilize the PCRE library, specifically versions prior to 8.41, are vulnerable to CVE-2017-7244.

• Can CVE-2017-7244 be exploited remotely?

  Yes, CVE-2017-7244 can be exploited remotely by attackers using crafted input files.

• What is the potential impact of CVE-2017-7244?

  The potential impact of CVE-2017-7244 includes application crashes leading to denial of service.