The compilebracketmatchingpath function in pcrejitcompile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
{ "ubuntu_priority": "low", "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "libpcre16-3", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcre16-3-dbgsym", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcre3", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcre3-dbg", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcre3-dbgsym", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcre3-dev", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcre3-dev-dbgsym", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcre3-udeb", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcre3-udeb-dbgsym", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcre32-3", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcre32-3-dbgsym", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcrecpp0v5", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "libpcrecpp0v5-dbgsym", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "pcregrep", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" }, { "binary_name": "pcregrep-dbgsym", "binary_version": "2:8.38-3.1ubuntu0.1~esm2" } ] }