CVE-2016-10253

An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.
CVSS scores by provider

NIST (type: NIST)
  Base Score: 9.8 CRITICAL
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre (type: CNA): ---, ---
CVE (type: ADP): ---, ---

EPSS Score Percentile: 61%

Vulnerable software versions
Vendor: erlang
Product: erlang/otp
Versions:
18.0, 18.0:rc1, 18.0:rc2, 18.0.1, 18.0.2, 18.0.3,
18.1, 18.1.1, 18.1.2, 18.1.3, 18.1.4, 18.1.5,
18.2, 18.2.1, 18.2.2, 18.2.3, 18.2.4, 18.2.4.1,
18.3, 18.3.1, 18.3.2, 18.3.3, 18.3.4, 18.3.4.1, 18.3.4.2, 18.3.4.3, 18.3.4.4, 18.3.4.5,
19.0, 19.0:rc1, 19.0:rc2, 19.0.1, 19.0.2, 19.0.3, 19.0.4, 19.0.5, 19.0.6, 19.0.7,
19.1, 19.1.1, 19.1.2, 19.1.3, 19.1.4, 19.1.5, 19.1.6, 19.1.6.1,
19.2, 19.2.1, 19.2.2, 19.2.3, 19.2.3.1,
19.3, 19.3.1, 19.3.2, 19.3.3, 19.3.4, 19.3.5, 19.3.6, 19.3.6.1, 19.3.6.2, 19.3.6.3, 19.3.6.4, 19.3.6.5, 19.3.6.6, 19.3.6.7, 19.3.6.8, 19.3.6.9

Debian Releases
Debian Product: erlang

Codename    Version                     Status
bullseye    1:23.2.6+dfsg-1+deb11u1     fixed
wheezy                                  not-affected
bookworm    1:25.2.3+dfsg-1             fixed
sid         1:25.3.2.12+dfsg-3          fixed
trixie      1:25.3.2.12+dfsg-3          fixed

Ubuntu Releases
Ubuntu Product: erlang

Codename    Version                           Status
artful                                        not-affected
zesty                                         not-affected
yakkety                                       ignored
xenial      Fixed 1:18.3-dfsg-1ubuntu3.1      released
trusty                                        not-affected
precise                                       not-affected