The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
Find out more about CVE-2017-6004 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux | ||||
| Wind River Linux LTS 17 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 9 | Fixed |
LIN9-3387 |
9.0.0.5 |
Wind River Linux 9.0.0.5 |
| Wind River Linux 8 | Fixed |
LIN8-5896 |
8.0.0.16 |
Wind River Linux 8.0.0.16 Wind River Linux 8.0.0.17 Wind River Linux 8.0.0.18 Wind River Linux 8.0.0.19 Wind River Linux 8.0.0.20 Wind River Linux 8.0.0.21 Wind River Linux 8.0.0.22 Wind River Linux 8.0.0.23 Wind River Linux 8.0.0.24 Wind River Linux 8.0.0.25 Wind River Linux 8.0.0.26 Wind River Linux 8.0.0.27 Wind River Linux 8.0.0.28 Wind River Linux 8.0.0.29 Wind River Linux 8.0.0.30 Wind River Linux 8.0.0.31 Wind River Linux 8.0.0.32 Wind River Linux 8.0.0.33 |
| Wind River Linux LTS 18 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 19 | Not Vulnerable | -- | -- | -- |
| Wind River Linux CD release | Not Vulnerable | -- | -- | -- |
| VxWorks | ||||
| VxWorks 7 | Not Vulnerable | -- | -- | -- |
| VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux 7 SCP | Not Vulnerable | -- | -- | -- |
| Linux 7 CGP | Not Vulnerable | -- | -- | -- |
pcre
