An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.
References
Link | Resource |
---|---|
https://github.com/erlang/otp/pull/1108 | Third Party Advisory |
https://usn.ubuntu.com/3571-1/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-03-18 13:59
Updated : 2018-07-11 08:07
NVD link : CVE-2016-10253
Mitre link : CVE-2016-10253
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
erlang
- erlang\/otp