The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-02-16T11:00:00

Updated: 2024-08-05T15:18:49.451Z

Reserved: 2017-02-15T00:00:00

Link: CVE-2017-6004

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-02-16T11:59:00.147

Modified: 2023-11-07T02:49:48.630

Link: CVE-2017-6004

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-02-14T00:00:00Z

Links: CVE-2017-6004 - Bugzilla