CVE-2017-7246
CVE Details
Visit the official vulnerability details page for CVE-2017-7246 to learn more.
Initial Publication
11/13/2024
Last Update
12/12/2024
Third Party Dependency
libpcre3
NIST CVE Summary
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
CVE Severity
Our Official Summary
This flaw allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. The images where this vulnerability is present have controls in place and are not accessible outside the cluster, so an attacker needs to gain privileged access to the cluster to attempt this exploit. The containers also do not allow execution of arbitrary code. The impact of this exploit is also low, since the container reduces the attack surface.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.4.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
12/12/2024 | Official summary added |